Re: The end of Phishing in sight?

[Valdis.Kletnieks () vt edu]

On Mon, 17 Oct 2005 19:06:13 -0000, "Fergie (Paul Ferguson)" said:
> Federal regulators will require banks to strengthen security for Internet
> customers through authentication that goes beyond mere user names and
> passwords, which have become too easy for criminals to exploit.

It's maybe perhaps the start of something...

Most likely, the start of pushing a squishy problem around so it's squishing
into someplace else.

Remember - the only thing this will stop is phishing for enough info so that
the phisher can logon to the bank's website.  It doesn't do squat for phishers
that snag a credit card number and use that to order a bunch of stuff, or
phishers that snag a checking account number and use that to do something
devious, or phishers that snag an SSN and use it to...

Ah hell.. What percent of the time *do* the phishers turn around and actually
login to the bank's website? ;)

(I'll bet a large pizza with everything on it that if said rules go through, in
the first 6 months we'll see at least one bank will deploy something meeting
the rules as written, but still totally vulnerable to a MITM attack).

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.