The Ethical Hacker Network - Advice from Microsoft

Latest Additions

Who's Online

EH-Net Donations

Google Ads

EH-Net News Feeds

Latest Additions

Book Recommendations

Ethical Hacker Community Forums > Ethical Hacking Discussions and Related Certifications > Social Engineering (Moderator: don) > Advice from Microsoft

Pages: [1] Go Down

« previous next »

	Author	Topic: Advice from Microsoft (Read 4163 times)
0 Members and 1 Guest are viewing this topic.

RoleReversal

Hero Member

Offline

Posts: 507

Advice from Microsoft

« on: August 29, 2008, 07:03:20 AM »

I think I'm confused. just received this advice in an email from Mircosoft:

Quote

IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading links, Microsoft recommends that you do not click links in e-mail, but instead copy and paste them into your browsers, as described above.

How does moving from a culture of blindly clicking on links to blindly cut&pasting said links help protect against phishing??? Oh, and the 'as described above? is a long and confusing URL....

Please help, my head hurts....


	Logged

A little bit of sanity:
http://www.infosanity.co.uk

BillV

Hero Member

Offline

Posts: 881

Re: Advice from Microsoft

« Reply #1 on: August 29, 2008, 07:19:53 AM »

Haha... nice...

I would guess they're thinking is that a lot of links are typically similar to "hey, come over to www.ebay.com and give us your login!"


	Logged

sgt_mjc

Full Member

Offline

Posts: 166

Re: Advice from Microsoft

« Reply #2 on: August 29, 2008, 08:30:07 AM »

I think you are right there Bill. That may very well be the thought process behind it. Though, wouldn't it make more sense to not go there in the first place? Good defense is always trumped by dumb user.


	Logged

Mike Conway
CompTia Security +
C|EH

mad_irish

Newbie

Offline

Posts: 16

Re: Advice from Microsoft

« Reply #3 on: August 29, 2008, 08:42:20 AM »

What's even scarier is that tactic fails to prevent many common phishing tactics. For instance, using a domain name that looks like the target in specific fonts (substituting 1's for lower case L's for instance) or misspelled domain names. Not to mention that if a link spans multiple lines and it's sometimes tough for users to cut and paste the whole thing. Microsoft needs to do their security reading (http://people.seas.harvard.edu/~rachna/papers/why_phishing_works.pdf) first before issuing statements like this Sad


	Logged

BillV

Hero Member

Offline

Posts: 881

Re: Advice from Microsoft

« Reply #4 on: August 29, 2008, 10:01:14 AM »

Quote from: sgt_mjc

Though, wouldn't it make more sense to not go there in the first place?

Exactly what makes this "advice" funny

RR - can you forward that email over to me?


	Logged

dalepearson

Full Member

Offline

Posts: 163

Re: Advice from Microsoft

« Reply #5 on: August 29, 2008, 10:08:19 AM »

I am sure it will all be fixed once IE8 goes gold Cheesy


	Logged

:: Security Active ::

RoleReversal

Hero Member

Offline

Posts: 507

Re: Advice from Microsoft

« Reply #6 on: August 29, 2008, 10:51:59 AM »

Quote from: BillV on August 29, 2008, 10:01:14 AM

RR - can you forward that email over to me?

check your inbox


	Logged

A little bit of sanity:
http://www.infosanity.co.uk

Pages: [1] Go Up

« previous next »

Jump to:

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!

Recent Forum Topics

Support EH-Net by Buying all of your Amazon items using the search bar above. Try CBT Nuggets Free!

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!