Friday, 16. September 2005

Two wrongs. Or three. Or more?
A comment was posted here last night touting a service called "PhishFighting.com" (deliberately not a link; go there if you wish, but no click-throughs from me). Look at the bottom of this page to see what's left of the comment.
PhishFighting.com says "Just enter the Phishing emails REAL url below and watch as realistic looking, fake, entries are continuously sent to the Phishers fake site."
Oh dear. Here we go again fighting abuse with abuse. Two wrongs don't make a right. But wait. There is at least a third wrong here too - sloth.
The poster got here by a simple Google search on "phish emails" and posted the comment on the first and only page he hit. That is at least lazy; there are plenty of other pages here where the comment may have been more fitting to the existing context. So, we see here a hit-and-run comment spammer to boot.
I did a Google Blog Search to see who else is talking about this and found 5 blogs that mention it. Four of those carry stories along the lines of "tee hee, what a jolly jape - can't wait to try it". One correctly identifies the manifold problems with the approach, which in general smacks of unthinking vigilantism.
- Who are we punishing here? Not the phisher certainly. We are simply adding to the existing troubles of some poor sap whose computer has been compromised by malware.
- How much data is already input via phishing sites? Do phishers weed through it all manually or do they have software tools to validate the input? And if the latter, exactly how much inconvenience will they suffer as a result of a few thousand deliberately bogus entries alongside the very many which are accidentally so?
- This one's a doozie - What is phishfighting's "Method One" for retrieving a phishing URL? They say "Simply click on the link and copy the real url from the browser bar". No, I didn't make this up. Just how stupid do you have to be knowingly to point a real web browser at a site hosted on a malicious machine?
(Yes, for us advanced users there is the trusty Sam Spade safe browser, obviously.)
- ... and there is NOTHING on the phishfighting site that teaches users how to report phish sites to ISPs and get them shut down legitimately.
Make that the fourth wrong. The people responsible for PhishFighting are clearly suffering from False Authority Syndrome.