in reply to Re: Automatic phish form filler
in thread Automatic phish form filler

Of course it's "more legal" than phishing. There are laws against phishing, and there are no laws against giving phishers false information. And since there's no attempt to harm or defraud anyone, it's more ethical, too.

Do you want to try to support your suggestion that it's illegal and/or unethical?


Caution: Contents may have been coded under pressure.

Re^3: Automatic phish form filler
by chromatic (Archbishop) on May 08, 2005 at 02:12 UTC

    Is there an effective difference between distributing a program that submits random information to an alleged phishing site a thousand times and distributing a DoS client, besides "Oh, but I don't like those people?"

    Do all phishing sites live on their own boxes with their own IP addresses, leased lines, and networks, or is there a possibility that there are innocent bystanders nearby?

      There's certainly a difference between a hundred and a thousand. If thousands of people were hitting it thousands of times, it would be a DDOS. What I have proposed is orders of magnitude smaller, because my objective is not to carry out a DDOS.

      So yes, there is an effective difference. By design. I have no intention of dragging down the network. Filling out a form is not a high-bandwidth activity, and it will not be an activity that is synchronized among hundreds or thousands of users.

      I love the "alleged phishing site". Yeah, those are really hard to recognize definitively. There's always a chance that it's a legitimate site asking for you to "verify your password", despite the warnings posted on the home site of whomever they are spoofing saying that they will never do that.


      Caution: Contents may have been coded under pressure.

        I think those are both lame defenses.

        Certainly someone who distributes a program designed to flood an alleged phishing site with false information may not intend that enough people use it to deny service to the target, but once the tool is out of his hands, how can he know how and how many people will use it? It's a destructive tool that may have thousands of simultaneous users. At least, that seems like a bad idea to me.

        I also say alleged because I have no confidence that a program will always identify phishing sites correctly, especially after malicious people realize that they can use the ad-hoc network of tool users to deny service to targets of their choosing by spoofing messages to make their targets look like targets.

        Again, it may not be the intent of the tool's creator to affect the innocent, but that doesn't make the tool a good idea as I see it.