ICA warns against fake website phishing for passport numbers
April 8, 2016
FANGyesterday
strange ..... why bother to warn is ? ICA should simply detect fake WEBsite and destroy it promptly and immediately and spontantously. then no public advisory needed.
ricky l4 seconds ago
Sorry, how to "detect fake WEBsite and destroy it promptly and immediately and spontantously"?
(1) Anyone can develop a web page and host the web page with any service providers anywhere in the World - in a web hosting server.
To detect a fake website --- you need to do a "webcrawl" 24 hours continuously on the world wide web in the Internet - you know the resources needed? Even the best search engines - may miss a few sites.
(2) Even if you manage to detect a fake website - how can you destroy it promptly and immediately and spontaneously?
For eg. a fake website is hosted in Amazon, can you destroy the website without the administrator authentication access and password?
If you are able to do so, you will probably get sued by Amazon - for hacking the Amazon admin access to take down the hackers' web site.
You will need to write in formally to Amazon citing a phishing case (provided there is international cooperation with Interpol or international law) to issue such a "warrant" with overseas service provider.
(3) If you don't publish this advisory, anyone in the World may used it and got hacked.
ricky l4 seconds ago
There is some ways to redirect the fake web page back into the official web page --- :-
(1) eg. cross-scripting
(2) SQL injection
into the fake websites - if the fake websites is did not do a robust validation of their fake websites.
And then this become "white hacking".
ricky l4 seconds ago
Even if we have a powerful "webcrawlers" or "search engines" that do 24 hours web-crawling to detect fake web pages ------ imagine, there are hundreds and thousands and even millions of official web pages.
Then how are you going to customise the "webcrawlers" or "search engines" to compare it to detect "fake webpages" in the Internet all over the World especially if the web page contents are dynamic one that is constantly changing?
No comments:
Post a Comment