> I actually think that you should only visit those sites from a secure > isolated VM/VLAN running FF and NoScript (unless you want to get > infect for analysis purposes, then do it from ff or ie in a private > vlan, but I digress.
For exploring the phish, this has always worked well for me: $ alias curl='curl -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"' $ curl -v http://evil.phish.site It's not pretty, but it lets me see what I need to see. If I really want to see the rendered page, I use Opera under linux. I'm not convinced that malware drops and phish go hand in hand, but better safe then sorry. > On to my point: Putting in swearwords is stupid. If you are going to > try and piss off phishers, but in semi-legitimate information so that > they have to spend the time finding out which cards are real or not. I know quite a few average users that think giving bogus data or insults to phish forms pollutes the dataset so it's harder for phishers to glean real data. I disagree because I doubt phishers are manually going thru the data. -avery _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
