Re: Phishing detection from FQDN's as prefixes

Francois Marier
(Moving thread to mozilla.dev.security)

On 09/08/17 03:04 PM, Adam Shannon wrote:

> Has anyone looked into what some use cases are for using a FQDN as a prefix
> in a hostname? (Or even how common such names in use are?) I could imagine
> setting up a proxy or archival service with such a scheme:
>
> www.google.com.corp.com/search?q=flowers
>
> www.myblog.net.proxy.com?rev=2017-08-09
>
> If a large percentage of hostnames with a FQDN prefix are phishing related
> it might be an initial pool for further research by agencies.

These researchers have looked at a similar idea:

  https://dl.acm.org/citation.cfm?doid=1314389.1314391

Francois
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
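
The hostname pattern discussed in this thread, as an added example that is not part of the original messages: a Python check that flags hostnames whose leading labels themselves form an FQDN. The suffix set is a small constructed stand-in for the Public Suffix List, and the function names are hypothetical; a hit is only a candidate for review, since the thread itself notes legitimate proxy and archival uses.

```python
import re
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix set (assumption); a real check would
# load the full Public Suffix List.
SUFFIXES = {"com", "net", "org", "uk", "co.uk"}

def suffix_len(labels, suffixes=SUFFIXES):
    """Count of trailing labels forming the longest known suffix (0 if none)."""
    for n in range(len(labels), 0, -1):
        if ".".join(labels[-n:]) in suffixes:
            return n
    return 0

def host_of(url_or_host):
    """Lower-cased hostname from a URL or a scheme-less string."""
    s = url_or_host.strip()
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", s):
        s = "//" + s  # lets urlsplit treat the leading part as the authority
    return (urlsplit(s).hostname or "").rstrip(".")

def embedded_fqdn(url_or_host, suffixes=SUFFIXES):
    """Return (embedded_fqdn, real_registrable_domain), or None if no FQDN prefix."""
    labels = host_of(url_or_host).split(".")
    n = suffix_len(labels, suffixes)
    if n == 0 or len(labels) <= n:
        return None  # unknown suffix (or IP literal), or a bare suffix
    registrable = ".".join(labels[-(n + 1):])  # the domain actually being visited
    sub = labels[:-(n + 1)]                    # labels the domain owner controls
    # Longest leading run of sub-labels that ends in a known suffix and has
    # at least one label in front of that suffix.
    for end in range(len(sub), 1, -1):
        m = suffix_len(sub[:end], suffixes)
        if 0 < m < end:
            return ".".join(sub[:end]), registrable
    return None

if __name__ == "__main__":
    # The first two samples are the hostnames quoted in the thread; the rest are constructed.
    for sample in ("www.google.com.corp.com/search?q=flowers",
                   "www.myblog.net.proxy.com?rev=2017-08-09",
                   "login.bank.co.uk.evil.net",
                   "www.example.co.uk"):
        print(sample, "->", embedded_fqdn(sample))
```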

Re: Phishing detection from FQDN's as prefixes

Anne van Kesteren
On Thu, Aug 10, 2017 at 2:57 AM, Francois Marier <[hidden email]> wrote:

> On 09/08/17 03:04 PM, Adam Shannon wrote:
>> Has anyone looked into what some use cases are for using a FQDN as a prefix
>> in a hostname? (Or even how common such names in use are?) I could imagine
>> setting up a proxy or archival service with such a scheme:
>>
>> www.google.com.corp.com/search?q=flowers
>>
>> www.myblog.net.proxy.com?rev=2017-08-09
>>
>> If a large percentage of hostnames with a FQDN prefix are phishing related
>> it might be an initial pool for further research by agencies.
>
> These researchers have looked at a similar idea:
>
>   https://dl.acm.org/citation.cfm?doid=1314389.1314391

It seems a variant of the UX I propose in

  https://bugzilla.mozilla.org/show_bug.cgi?id=1376641

could also help to alert the user of these types of attacks.


--
https://annevankesteren.nl/