funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The end of Phishing in sight?

From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 17 Oct 2005 13:38:48 -0700
Fergie (Paul Ferguson) wrote:

Federal regulators will require banks to strengthen security for
Internet customers through authentication that goes beyond mere user
names and passwords, which have become too easy for criminals to
exploit.
So (to take Gadi's POV that we're training the bad guys to be better bad guys.)
I already know how to get around this kind of system, and have described it here before (I think it was here.) You proxy the connection live.
Right now, you personally can have some safety with two-factor by virtue of the fact that there are so many phishing targets that don't use it, so the bad guys take the lazy way out and target them. You don't have to be faster than the bear, just faster than the other guy with you.
So it the government mandates these for banks, don't the bad guys just switch to proxying? Or do they start to hit the not-banks, like Amazon and PayPal, that much harder? 

                                        Ryan
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: