funsec mailing list archives
Re: The end of Phishing in sight?
From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 17 Oct 2005 13:38:48 -0700
Fergie (Paul Ferguson) wrote:
Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.
So (to take Gadi's POV that we're training the bad guys to be better bad guys.)
I already know how to get around this kind of system, and have described it here before (I think it was here.) You proxy the connection live.
Right now, you personally can have some safety with two-factor by virtue of the fact that there are so many phishing targets that don't use it, so the bad guys take the lazy way out and target them. You don't have to be faster than the bear, just faster than the other guy with you.
So it the government mandates these for banks, don't the bad guys just switch to proxying? Or do they start to hit the not-banks, like Amazon and PayPal, that much harder?
Ryan _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Re[2]: The end of Phishing in sight?, (continued)
- Re: Re[2]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 18)
- RE: Re[4]: The end of Phishing in sight? Aditya Deshmukh (Oct 18)
- Re: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Dave Dennis (Oct 18)
- Re: The end of Phishing in sight? Craig Webster (Oct 18)
- RE: The end of Phishing in sight? Aditya Deshmukh (Oct 18)
- Re: The end of Phishing in sight? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
- RE: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Tom Van Vleck (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)