Re: [nznog] (OT?) Phishers targetting Kiwibank
Andy Linton wrote:
It would be good if these phishing discussions focussed on technical aspects of what can be done by people on this list once the list knows about the latest scam. The banks I suspect will make their own decisions without seeking advice here.
This thread should now turn to a technical topic or go away.

- Donald Neal
NZNOG List Administrator

Donald Neal
Support Engineer
NGN Operations
Integration & Services Division
Alcatel NZ Ltd - Telecom's network operations manager

"You know what young, carnivorous, alien mammal-like monsters are like. Always getting into scrapes."

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
On Fri, 2005-12-09 at 10:05 +1300, Donald Neal wrote:
Andy Linton wrote: This thread should now turn to a technical topic or go away.
Good call.

We could all consider the need to have a graceful "fail over" service. In the event that the main or a major part of a 'net presence is compromised an alternate service needs to be ready to swing into action. Rather than a 'Unable to connect to remote host.' there could/should be a plain vanilla site delivering an apology for temporary suspension of service.

--- $NZ0.02
Mark.
"7h3 d0n4lD" said:
Andy Linton wrote:
It would be good if these phishing discussions focussed on technical aspects of what can be done by people on this list once the list knows about the latest scam. The banks I suspect will make their own decisions without seeking advice here.
This thread should now turn to a technical topic or go away.
Okay. Recently I found that one of work's web sites had been hit by referrer spam. The answer for us was to tell Apache to block based on referrer URL (and to limit access to /webalizer/ to local IPs only.)

Surely banking site admins can make some basic assumptions about their customers... They can't assume that the customer is on a NZ IP range, but they can assume that links to graphics etc will only come from their own site.

How long will it be before some bank commissions an ActiveX control that is required to log into their site? Anyone remember the BNZ banking app for Windows that dialed up directly to the bank?
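A sketch of the Apache setup described in the message above, added here as an example and not the poster's actual configuration. It assumes Apache 2.4 with mod_setenvif; the hostnames, the spam pattern and the 192.0.2.0/24 range are placeholders.

```apache
# Added example; every hostname, pattern and address range is a placeholder.
# Needs mod_setenvif, mod_authz_core and mod_authz_host (Apache 2.4).

# Flag requests whose Referer matches a known referrer-spam pattern.
SetEnvIfNoCase Referer "spam-domain\.example" spam_ref

# Flag requests that arrive from the site's own pages. An absent Referer is
# also accepted, because proxies and privacy settings often strip the header.
SetEnvIfNoCase Referer "^https?://(www\.)?bank\.example(/|$)" own_site
SetEnvIf Referer "^$" own_site

# Site-wide: refuse anything carrying a flagged spam Referer.
<Location "/">
    <RequireAll>
        Require all granted
        Require not env spam_ref
    </RequireAll>
</Location>

# Graphics: serve only when the link comes from the site itself.
# A later matching section replaces the earlier one (AuthMerging Off default).
<LocationMatch "\.(gif|jpe?g|png)$">
    Require env own_site
</LocationMatch>

# Statistics pages: local addresses only. This is the actual access control;
# the Referer rules above filter on a client-supplied header and only stop
# casual abuse, since any client can send whatever Referer it likes.
<Location "/webalizer/">
    Require ip 127.0.0.1 192.0.2.0/24
</Location>
```

Restricting /webalizer/ also removes the incentive for referrer spam, since the spammer's URL no longer appears on a publicly indexed statistics page.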
criggie(a)criggie.dyndns.org wrote:
How long will it be before some bank commissions an ActiveX control that is required to log into their site? Anyone remember the BNZ banking app for Windows that dialed up directly to the bank?
ANZ still offers this, you should more refer back to the BNZ Java applet that required you to import certificates.

- Drew