The only solution is to stop distributing this type
of information via email.
Microsoft had a similar issue this autumn with a
group sending emails as "Microsoft Security
Bulletin" and Microsoft sent the following note to all
MCPs:
"STAY ALERT: MICROSOFT NEVER DISTRIBUTES SOFTWARE VIA E-MAIL From
time to time, malicious individuals circulate e-mail messages that purport to be
a Microsoft Security Bulletin or patch. These messages might contain (or link
to) an executable file that contains a virus. Visit TechNet and learn to look
for clues that e-mail messages are not bona fide security bulletins or
patches. http://go.microsoft.com/?linkid=262639"
Frederic MCP, IT Project+, i-Net+, CIWA, A+ member of:
CompTIA-ITPRO, HDI,
IETF ------------------------------------------------------ http://fredsfastcram.netfirms.com------------------------------------------------------
----- Original Message -----
Sent: Sunday, December 21, 2003 11:26
AM
Subject: RE: [Fwd: [isdf] need help from
the ietf list...can someone post this for me? or allow me to post
directly?]
What do you suggest short of an absolute guarantee? How do I
advise consumers to tell the difference between legitimate e-mails with
embedded links and the phished ones using spoofed sites? I am concerned
that this could seriously undermine the use of e-mail and websites for
e-commerce and financial
transactions.
Thanks, Parry
-----Original
Message----- From: Masataka Ohta [mailto:mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Sunday, December 21, 2003 12:06 AM To: Franck Martin Cc: ietf@xxxxxxxx; parry@xxxxxxxxx Subject: Re: [Fwd: [isdf]
need help from the ietf list...can someone post this for me? or allow me to
post directly?]
Franck Martin (Parry Aftab);
> Now IE has a
bug that allows them to mask the real site more easily, by > showing
the spoofed site in the navigation bar. > Do any of the IETF
members have suggestions for easy ways of confirming > that the site
you just linked to is really the site you wanted to >
access?
As you know, an easy way is to just believe Microsoft and
its products.
If you are asking a way guaranteed to work, answers
depend on how much guarantee you need.
It should be noted that
nothing gives absolute guarantee.
It should also be noted that PKIs are
not so useful, as their typical guarantee is mere "money back guarantee"
form CAs.
Masataka
Ohta
|