funsec mailing list archives
Re: The end of Phishing in sight?
From: Valdis.Kletnieks () vt edu
Date: Mon, 17 Oct 2005 17:14:42 -0400
On Mon, 17 Oct 2005 16:22:24 EDT, Chris Buechler said:
The official FIL is here: http://www.fdic.gov/news/news/financial/2005/fil10305.html
Thanks muchly. Somebody needs to be slapped silly, but it isn't the FDIC. The FIL is *very* careful to say nothing more than "it's dangerous out there, you probably need to verify your users better". In fact, the only mention of phishing in the whole 14-page PDF is in this paragraph: "The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Single-factor authentication tools, including passwords and PINs, have been widely used for a variety of Internet banking and electronic commerce activities, including account inquiry, bill payment, and account aggregation. However, financial institutions should assess the adequacy of such authentication techniques in light of new or changing risks such as phishing, pharming, 7 malware, 8 and the evolving sophistication of compromise techniques. Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks." OK.. Got that? FDIC didn't think it was stopping phishing - all it thought it was doing was requiring better authentication on websites.
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re[2]: The end of Phishing in sight?, (continued)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- RE: Re[2]: The end of Phishing in sight? Richard M. Smith (Oct 17)
- Re: Re[2]: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Speaking of phishing xyberpix (Oct 18)
- Re: Speaking of phishing Richard Cox (Oct 18)
- Re: Speaking of phishing xyberpix (Oct 19)
- Re: The end of Phishing in sight? Blue Boar (Oct 17)
- Re: The end of Phishing in sight? Justin Mason (Oct 17)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Message not available
- Re: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Re: Re[2]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 18)
- RE: Re[4]: The end of Phishing in sight? Aditya Deshmukh (Oct 18)
- Re: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Dave Dennis (Oct 18)