The phishers are launching sophisticated attacks on less known (to the X.509 CAs) financial institutions...
http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html ... This one -- targeting the tiny Mountain America credit union in Salt Lake City, Utah ... Geotrust's cert verification process is largely automated: when someone requests a cert for a particular site, the company sends an e-mail to the address included in the Web site's registrar records, along with a special code that the recipient needs to phone in to complete the process. ... [Geotrust] doubted that inserting a human into that process would have flagged the account as suspicious. -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
