funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The end of Phishing in sight?

From: Security Lists <securitylists () uniontown com>
Date: Mon, 17 Oct 2005 16:38:49 -0400
I believe a SecurID token has a full 3-minute window of opportunity (more if you can get the user to enter two subsequent token #'s I believe, that's what's needed for token resync sequence), Phisher could simply script an instant automated MITM that would log them in on-the-fly, PIN and all. 

-Mark C


Dave Killion wrote:
On 10/17/05, *Paul Schmehl* <pauls () utdallas edu <mailto:pauls () utdallas edu>> wrote: 


    OK, I'll bite.  Are the banks going to be forced to provide the
    readers?
    Or is online banking going to become a thing of the past?


ETrade is already providing certain select customers with SecurID tokens.

--
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls
PGP Key Fingerprint:
E477 488D 4340 D04F DD94 2A65 048C B376 D50B 45C8

------------------------------------------------------------------------

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: