EH-Net

Ethical Hacking Discussions and Related Certifications => Social Engineering => Topic started by: Andrew Waite on August 29, 2008, 07:03:20 AM



Title: Advice from Microsoft
Post by: Andrew Waite on August 29, 2008, 07:03:20 AM
I think I'm confused. Just received this advice in an email from Microsoft:
Quote
IMPORTANT:  Because fraudulent ("phishing") e-mail often uses misleading links, Microsoft recommends that you do not click links in e-mail, but instead copy and paste them into your browsers, as described above.

How does moving from a culture of blindly clicking on links to blindly cut&pasting said links help protect against phishing??? Oh, and the 'as described above' is a long and confusing URL....

Please help, my head hurts....


Title: Re: Advice from Microsoft
Post by: BillV on August 29, 2008, 07:19:53 AM
Haha... nice...

I would guess their thinking is that a lot of links are typically similar to "hey, come over to www.ebay.com (http://yougotrickrolled.com/) and give us your login!"


Title: Re: Advice from Microsoft
Post by: sgt_mjc on August 29, 2008, 08:30:07 AM
I think you are right there Bill. That may very well be the thought process behind it. Though, wouldn't it make more sense to not go there in the first place? Good defense is always trumped by dumb user.


Title: Re: Advice from Microsoft
Post by: mad_irish on August 29, 2008, 08:42:20 AM
What's even scarier is that tactic fails to prevent many common phishing tactics.  For instance, using a domain name that looks like the target in specific fonts (substituting 1's for lower case L's for instance) or misspelled domain names.  Not to mention that if a link spans multiple lines it's sometimes tough for users to cut and paste the whole thing.  Microsoft needs to do their security reading (http://people.seas.harvard.edu/~rachna/papers/why_phishing_works.pdf) first before issuing statements like this :(
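
The two failure modes raised in this thread (link text that names one site while the href points to another, and a digit-for-letter lookalike domain that stays deceptive even when pasted), shown as an added detection example that is not part of any post. The trusted list, the confusable map and the `hello.example` names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed assumption: domains the mail filter is meant to protect.
TRUSTED = {"ebay.com", "hello.example"}
# Small digit-for-letter map (e.g. 1 for l); deliberately not exhaustive.
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def base_domain(host):
    # Naive last-two-labels reduction; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    # Fold confusable digits back to the letters they imitate.
    return domain.translate(CONFUSABLE)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:  # only collect text inside an open <a>
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        target = base_domain(urlsplit(self.href).hostname or "")
        shown = DOMAIN_RE.search("".join(self.text))
        # Case 1: the visible text names a different site than the real target.
        if shown and base_domain(shown.group()) != target:
            self.findings.append(("text-href-mismatch", shown.group().lower(), target))
        # Case 2: the target only becomes a trusted name after confusable folding.
        if target not in TRUSTED and skeleton(target) in TRUSTED:
            self.findings.append(("lookalike", target, skeleton(target)))
        self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings
```

Copy-and-paste only sidesteps the first finding type; for the second, the pasted URL is identical to the displayed one, so the check has to compare against known-good names.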


Title: Re: Advice from Microsoft
Post by: BillV on August 29, 2008, 10:01:14 AM
Quote from: sgt_mjc
Though, wouldn't it make more sense to not go there in the first place?

Exactly what makes this "advice" funny :)

RR - can you forward that email over to me?


Title: Re: Advice from Microsoft
Post by: dalepearson on August 29, 2008, 10:08:19 AM
I am sure it will all be fixed once IE8 goes gold :D


Title: Re: Advice from Microsoft
Post by: Andrew Waite on August 29, 2008, 10:51:59 AM
Quote from: BillV
RR - can you forward that email over to me?

check your inbox :)