funsec mailing list archives
Re[2]: The end of Phishing in sight?
From: Pierre Vandevenne <pierre () datarescue com>
Date: Mon, 17 Oct 2005 23:09:40 +0200
Good Day, FW> In Germany, we have both: two-factor authentication and phishing. FW> This should tell you something about the effectiveness of two-factor FW> authentication. *sigh* Well, it's not a question of agreeing or disagreeing - just thinking about it. Do you have any links to successful phising cases involving both password/login combos and tokens supporting digital signatures? I'd really like see the details of such cases. With MITM being the magic bullet, I don't doubt it could work in some cases. But targeting a ssl web site where the customer has safely gone before, carrying an MITM on the login, executing an operation and convincing the customer to sign for it (for example by substituting another operation) and relying on the customer who is logged not seeing that the pending operation isn't the one he signed for is really much more involved than stealing a login. I am sure implementations will differ and some of them will be better than others though. note: I have no link to that industry and would have resented having to pay for the token if I had had to. -- Best regards, Pierre mailto:pierre () datarescue com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: The end of Phishing in sight?, (continued)
- Re: The end of Phishing in sight? Blue Boar (Oct 17)
- Re: The end of Phishing in sight? Dave Dittrich (Oct 17)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
- RE: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Tom Van Vleck (Oct 17)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: The end of Phishing in sight? Blue Boar (Oct 17)
- Re: The end of Phishing in sight? Paul Schmehl (Oct 17)
- Re: The end of Phishing in sight? Florian Weimer (Oct 17)
- Re: The end of Phishing in sight? Florian Weimer (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: The end of Phishing in sight? Florian Weimer (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: Re[2]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Re: The end of Phishing in sight? Blue Boar (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)