Gah it's not the fact phishing is possible that's the problem, it's that from the social engineering aspect this system of communities is way easier to exploit for phishing.
Anyways, just warning from the perspective of understanding this stuff pretty well.
I understand this stuff pretty well, too, and I disagree. The ignorant and those who don't pay attention will fall for spoofs either way.
Are you arguing all the .gov and .us TLDs that cities hit with ransomware use should also be changed? Most of those have been phishing attacks. I've seen it happen with ibm.com and bankofthewest.com too. What do you suggest in those cases?
I think what's he getting at is that reddit does it all under one domains so no matter which /r you go to you are sure it's still under the umbrella of protection the rest of the site provides,...but if we just start cranking out.wins then there will be lots of room for exploitation,..."hey pedes, just started this NEW .win get in while the gettins good"
I understand, but I think it's a pick-your-poison situation. Either site structure can be attacked in various ways. I doubt reddit is as secure as it looks, either.
Um, you can phish against any hostname you can spoof. IOW, all of them, including thedonald.win.
The "security hole" is clicking a link without verifying it leads where it says. We call that the Podesta syndrome.
Don't be a Podesta.
Gah it's not the fact phishing is possible that's the problem, it's that from the social engineering aspect this system of communities is way easier to exploit for phishing.
Anyways, just warning from the perspective of understanding this stuff pretty well.
I understand this stuff pretty well, too, and I disagree. The ignorant and those who don't pay attention will fall for spoofs either way.
Are you arguing all the .gov and .us TLDs that cities hit with ransomware use should also be changed? Most of those have been phishing attacks. I've seen it happen with ibm.com and bankofthewest.com too. What do you suggest in those cases?
I think what's he getting at is that reddit does it all under one domains so no matter which /r you go to you are sure it's still under the umbrella of protection the rest of the site provides,...but if we just start cranking out.wins then there will be lots of room for exploitation,..."hey pedes, just started this NEW .win get in while the gettins good"
I understand, but I think it's a pick-your-poison situation. Either site structure can be attacked in various ways. I doubt reddit is as secure as it looks, either.