funsec mailing list archives

RE: The end of Phishing in sight?

From: "Henderson, Dennis K." <Dennis.Henderson () umb com>
Date: Mon, 17 Oct 2005 17:25:40 -0500

Securid's pins are consumed as they are used, pin sync or login. Log it
all you want.... no dice.
 
 


  _____  

        From: funsec-bounces () linuxbox org
[mailto:funsec-bounces () linuxbox org] On Behalf Of Security Lists
        Sent: Monday, October 17, 2005 3:39 PM
        To: funsec () linuxbox org
        Subject: Re: [funsec] The end of Phishing in sight?
        
        
        I believe a SecurID token has a full 3-minute window of
opportunity (more if you can get the user to enter two subsequent token
#'s I believe, that's what's needed for token resync sequence), Phisher
could simply script an instant automated MITM that would log them in
on-the-fly, PIN and all.
        
        -Mark C
        
        
        Dave Killion wrote: 



                On 10/17/05, Paul Schmehl <pauls () utdallas edu> wrote: 


                        OK, I'll bite.  Are the banks going to be forced
to provide the readers?
                        Or is online banking going to become a thing of
the past?
                        


                ETrade is already providing certain select customers
with SecurID tokens.
                
                -- 
                Dave Killion, CISSP
                Contributing Author, Configuring NetScreen Firewalls
                PGP Key Fingerprint: 
                E477 488D 4340 D04F DD94 2A65 048C B376 D50B 45C8 
                
  _____  


                _______________________________________________
                Fun and Misc security discussion for OT posts.
                https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
                Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: The end of Phishing in sight?, (continued)
- - - Re: The end of Phishing in sight? Florian Weimer (Oct 17)
    - Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
    - Re: Re[2]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
    - Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 17)
  - Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
  - Re: The end of Phishing in sight? Blue Boar (Oct 17)
- RE: Re[2]: The end of Phishing in sight? Blanchard_Michael (Oct 17)
  - Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- RE: Re[2]: The end of Phishing in sight? Henderson, Dennis K. (Oct 17)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 17)
  - RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
  - Re: The end of Phishing in sight? Mark C (Oct 17)
    - Re: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- RE: Re[4]: The end of Phishing in sight? Marius Gheorghescu (Oct 17)
  - Re: Re[4]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
  - Re: The end of Phishing in sight? Security Lists (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
  - RE: The end of Phishing in sight? Richard M. Smith (Oct 18)

(Thread continues...)