dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
14
share rss forum feed


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
reply to Name Game

Re: Using the HTML5 Fullscreen API for Phishing Attacks

said by Name Game:

Are you telling me you think he means 10% of total number of the web users out there ?

Nope, he means 10% of the web users that land on such a phish page.
said by Name Game:

"Because after analyzing tens of thousands of phish campaigns from start to finish I've never seen a 1% return rate or anything even close to 1% which makes any discussion of 10% irresponsible."

Define these return rates. and your tens of thousands.

You still can't find anything that supports your 10%.
I suppose you found references that support your 10% belief but have chosen to not post them for some reason.
That's as believable as a 10% success rate for a phish campaign.
Just in case you're being serious & not just trying deflect attention away from your inability to find even a single reference that supports your 10% belief Tens of thousands = 10K+ phish campaigns that I've personally analyzed from start to finish.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
"Because after analyzing tens of thousands of phish campaigns from start to finish I've never seen a 1% return rate or anything even close to 1% which makes any discussion of 10% irresponsible."

Now put that in real words..not just your % thingie..what is "return rate" and tell us about "tens of thousand"..and define what you mean by "campaigns"..and I am not trying to pull your chain..but since you used that to make a statement that you thought the authors 10% was wrong and he knew nothing about phish...I have no idea what you are talking about..and I still think at least 10% and maybe more of the peeps that saw a real exploit like the one he just did this POC (proof of concept)..would be clicking away.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
said by Name Game:

Now put that in real words..

You have a funny way of saying that you are unable to find any reference whatsoever to a 10% success rate on phish content.
Zero, zippo, nada, nothing.
The difference between you & I that is creating conflict is that while I accept that I'll make a mistake you'll just try to BS your way out.
Good luck Mr. Perfection!, that's a heavy but unnecessary load to carry.
I'm done with this thread, I'm conceding that your BS is superior to my tolerance for same.

Edit to add: Your Praetorian example was not an "in the wild" event but a controlled study. Get real, as in real events.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
Your musings over for me..you mix apple with oranges and you get bananas...but feel free to make a comment at his site like others have done..

»feross.org/html5-fullscreen-api-attack/

And tell him why he is irresponsible in saying ..

Humans are terrible at spotting subtle changes

If this attack were used in the wild, I bet at least 10% of web users would get phished (probably many more).

and doesn't speak well to his knowledge of phishing.

"Because (you) after analyzing tens of thousands of phish campaigns from start to finish I've never seen a 1% return rate or anything even close to 1% which makes any discussion of 10% irresponsible."

I think he will respond to you.
There is already 127 comment
»news.ycombinator.com/item?id=4629906

»news.ycombinator.com/item?id=4630156

--
Gladiator Security Forum
»www.gladiator-antivirus.com/