Monday, 2. October 2006
PermaLink PhishTank
PhishTank(R) Out of the Net, into the Tank.

And speaking of phish, here's an interesting new site brought to you by those nice people who brought you OpenDNS.

  • "PhishTank is a free community site that aims to be an accurate clearing house of phishing data.
  • "Users submit their phishes through email, the web, or via APIs.
  • "Other users then can login to the Web site and verify phishes. There are backend systems which help prevent gaming of the voting mechanisms to ensure that there are no false positives.
  • "PhishTank closes the 'feedback loop' with end users to let them know of the status' of the phish they submit either via email alerts or a personal RSS feed. This is in contrast to the black box nature of most anti-phishing services on the net (run by security companies who want the data kept private).
  • "PhishTank has a free and open API. The goal of this API is to allow any developer to use the data in the PhishTank and help put an end to phishing in their own applications."

If I read that last point correctly, the main beneficiaries of this will be phishing targets (banks, car manufacturers and so on).

It will be interesting to see whether any of them actually bother to use it. Last time I checked, most were still not publishing SPF which would make a phishing email purportedly from somebank.com but sent by an open proxy on a domestic DSL line transparently obvious.

And then there's Microsoft, which august organisation still goes out of its way to make its Technet emails look as much like phish as possible.

Still, PhishTank looks good to me. Certainly a refreshing change from the likes of PhishFighting...

Category: Phish
Technorati:

Comments :

1. Jerry Carter02/10/2006 16:48:59
Homepage: http://datatribesoftwerks.com


Sounds great.
/devil's advocate on/
What keeps the API from being used by Phishers to tune their phish?
/devil's advocate off/



2. Chris Linfoot02/10/2006 16:52:24


RT docs

http://www.phishtank.com/api_documentation.php



3. Jerry Carter02/10/2006 17:33:03
Homepage: http://datatribesoftwerks.com


(for those to lazy to click, like myself)
"Second, as an application developer you are required to register your application with us. That means you need an account. We don't ask a lot of questions but we use the information you give us to create your authorization page on the Phishtank so users can verify your application can access their data in the PhishTank."

I guess that's about all anyone can do. So long as someone keeps an eye on developers to make sure their use continues to match their stated intent.

The adversary is unscrupulous, and sometimes musters something resembling cunning.



Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Popular Categories
Blogs
Coffee and Cats
Computing Systems Fundamentals
DNSBLs
Domino Administration
Domino Whitelist
Dumb and Dumber
Flickr
IPv6
SMTP AUTH
Show n Tell
Software
Spam
Spam Statistics
T'Internet
Trunk Monkeys
Viruses and Worms
Wallace and Gromit
Whitelisting
Wii
Monthly Archive
2008
2008
2008
2008
2008
2008
Full Archive
Other stuff
Anti-Spam Tools
Misc Links
Land banking information
ClustrMaps
Locations of visitors to this page
Contact Me
email - Chris Linfoot
skypeme
Meta
Proudly powered by IBM Lotus Domino 8 Proudly powered by IBM Lotus Domino 8

Subscribe to articles Subscribe to articles feed

Subscribe to comments Subscribe to comments feed

ROR info ROR info


My Amazon wish list Wishlist


Wikio - Top Blogs - Technology
Like what I do?
Then please consider a donation to support the work of Research Autism.

Idea Jam
Planet Lotus
Dilbert