On 24/12/06, Eric Nelson <emanmb@xxxxxxxxx> wrote:
Re: gmail, I have gotten some phishing/scammer/spam emails from gmail and attempts to get the the source of the email (i.e. the ISP) end at Google. I assume that is why they may be prefered as a good place to launch scams/spams, and phishing expeditions.
Google is limited in how they can stop people from spoofing their addresses. MTA (Mail Transfer Agents) or SMTP servers often implement a type of call back to the originating server.. So say someone attempts to spoof a gmail address, if the receiving host implements this call back, it will contact gmail's server and ask if this address does in fact exist.. Gmail will then reply yes or no.. Now, this only works if the originating server implements this function and this of course does not stop "joe jobbing" which is when your address is used to spoof.. The call back only stops phishers from using non existent addresses. Spoofing which originates from Gmail itself probably exists, but I suspect in very limited quantities and for not very long. The best approach is to implement 2nd and 3rd factor security.. Ebay and Paypal needs to implement this very quickly as the spoofing attacks to both of those sites is very, very high. Generally, hackers work on the principle of the "lowest hanging fruit". Which is to say, they go after sites that have the weakest security measures. It looks like Paypal is starting to implement these measures.. Log into your account into Paypal, change your passwords frequently and notice that they now have security questions.. I don't think however this uses true 2nd factor authorization (system which checks your user patterns and when differs prompts the user to enter the answers to predefined questions).. The phishers are so good, that in a recent meeting with security architects at a large bank here in Canada, they said they now see phishing emails that not only steal your password and username, but also log you into the targeted site after they steal your credientials! Imagine, you are sent to a fake website that looks just like the website you normally visit, you enter your credentials, they steal them and then use them to log you into the real website! This way, you never suspect a thing. What's changed however, is in the past sites would claim these problems aren't theirs since the breach didn't occur on their sites. This is no longer the case. Websites are now responsible for phishing attacks to their sites. Ok, that all incredibly off topic. J -- Justin F. Knotzke jknotzke@xxxxxxxxxx http://www.shampoo.ca