PhishTank is operated by OpenDNS, a free service that makes your Internet safer, faster, and smarter. Get started today!

PhishTank in the News: October 10, 2006

posted by Allison on October 10th, 2006 in PhishTank, Members, PhishTank in the news

Yesterday eWEEK published a great column from seasoned security expert Larry Seltzer about PhishTank. I encourage everyone to read it as it addresses some important issues and concerns. Larry acknowledges that “The [PhishTank] voting system is good because it’s fair and effective, but it also makes it imperative that a large community be constantly examining the submissions and voting.” And Larry’s eWEEK colleague Ryan Naraine also wrote a well-informed news article about the site.

Thanks go to Eric Suesz at Macworld, for writing an article comparing PhishTank and OpenDNS to Symantec’s Norton Confidential for Mac. Eric raises some good points about phishing, including one in particular I agree with: “Maybe the solution to phishing is all about community.” Like the way you’re thinkin’ Eric.

Mark Joseph Edwards at Windows IT Pro, too, gets our thanks for his PhishTank article published yesterday. His headline, “PhishTank Aims to Blow Scammers Out of the Water,” is great and a play on the name of the site that I hadn’t yet heard. (And believe me, I thought I’d heard them all. ;) )

CNET’s security guru Joris Evers takes a look at PhishTank one week into its life and reports that, at presstime, PhishTank had about 2,300 (!!) submissions. Joris mentions CastleCops, an organization we’re big fans of.

Last but certainly not least, UK tech writer Matthew Broersma wrote an article about PhishTank yesterday for Techworld.com that was picked up state-side by CIO Magazine. Glad to see he aknowledged Spamfighter, our No. 1 submitter with a total of 454 phishes - and climbing.

 
Follow responses to this post through the RSS 2.0 feed.
Leave a response below, or send a trackback from your own site.

2 Responses

  1. Stuart

    I recognize phishes by the forged or unrelated email headers, not by the URLs. For instance, ebay is not going to send their official mail from hotmail. The outright forgeries (10000+ per day just to me) are rejected in SMTP envelope via SPF (http://new.openspf.org) protocol and some adhoc heuristics (e.g. reject connections using my own domain in HELO, reject invalid numeric HELO like 1.2.3.4). So I find it a little difficult to judge whether something is a phish based just on a website.

    — posted by Stuart on October 10th, 2006 at 4:52 pm

  2. Matt

    I agree Stuart, it is kind of tough, if they were easy to pick out, they wouldn’t be effective ;) . I’m working on putting together a
    program called Bobber (think long and hard about that one) that will look at the URI itself (not the content of the website) and give
    odds on if that site is a phish or not. I’m not sure how effective it will be because it’s not made yet, but with the number of phishes
    i’ve verified so far, I see a lot of very promising trends.

    — posted by Matt on October 10th, 2006 at 6:26 pm

Leave a Reply

Server: pt2