On Mon, 22 Dec 2003 frederic.l@xxxxxxxxxxxx wrote: > The only solution is to stop distributing this type of information via email. > > Microsoft had a similar issue this autumn with a group sending emails as "Microsoft Security Bulletin" and Microsoft sent the following note to all MCPs: Yeah, I got those too. They came from hosts inside British Telecom. > > "STAY ALERT: MICROSOFT NEVER DISTRIBUTES SOFTWARE VIA E-MAIL > > >From time to time, malicious individuals circulate e-mail messages that purport to be a Microsoft Security Bulletin or patch. These messages might contain (or link to) an executable file that contains a virus. Visit TechNet and learn to look for clues that e-mail messages are not bona fide security bulletins or patches. > > http://go.microsoft.com/?linkid=262639"; > > Frederic > MCP, IT Project+, i-Net+, CIWA, A+ > member of: CompTIA-ITPRO, HDI, IETF > ------------------------------------------------------ > http://fredsfastcram.netfirms.com > ------------------------------------------------------ > > ----- Original Message ----- > From: Parry Aftab > To: 'Masataka Ohta' ; 'Franck Martin' > Cc: ietf@xxxxxxxx > Sent: Sunday, December 21, 2003 11:26 AM > Subject: RE: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?] > > > What do you suggest short of an absolute guarantee? > How do I advise consumers to tell the difference between legitimate > e-mails with embedded links and the phished ones using spoofed sites? > I am concerned that this could seriously undermine the use of e-mail and > websites for e-commerce and financial transactions. > > Thanks, > Parry > > -----Original Message----- > From: Masataka Ohta [mailto:mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Sunday, December 21, 2003 12:06 AM > To: Franck Martin > Cc: ietf@xxxxxxxx; parry@xxxxxxxxx > Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone > post this for me? or allow me to post directly?] > > Franck Martin (Parry Aftab); > > > Now IE has a bug that allows them to mask the real site more easily, > by > > showing the spoofed site in the navigation bar. > > > Do any of the IETF members have suggestions for easy ways of > confirming > > that the site you just linked to is really the site you wanted to > > access? > > As you know, an easy way is to just believe Microsoft and its > products. > > If you are asking a way guaranteed to work, answers depend on > how much guarantee you need. > > It should be noted that nothing gives absolute guarantee. > > It should also be noted that PKIs are not so useful, as their > typical guarantee is mere "money back guarantee" form CAs. > > Masataka Ohta > > > > > > sleekfreak pirate broadcast world tour 2002-3 live from the pirate hideout http://sleekfreak.ath.cx:81/