funsec mailing list archives

RE: The end of Phishing in sight?


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 17 Oct 2005 18:32:24 -0400

So this will guard against a SecurID stolen by spyware, but not by phishing,
right?
 
Richard

  _____  

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Henderson, Dennis K.
Sent: Monday, October 17, 2005 6:26 PM
To: Security Lists; funsec () linuxbox org
Subject: RE: [funsec] The end of Phishing in sight?


SecurID's pins are consumed as they are used, pin sync or login. Log it all
you want.... no dice.
 
 


  _____  

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Security Lists
Sent: Monday, October 17, 2005 3:39 PM
To: funsec () linuxbox org
Subject: Re: [funsec] The end of Phishing in sight?


I believe a SecurID token has a full 3-minute window of opportunity (more if
you can get the user to enter two subsequent token #'s, I believe; that's
what's needed for the token resync sequence). A phisher could simply script an
instant automated MITM that would log them in on-the-fly, PIN and all.

-Mark C


Dave Killion wrote: 



On 10/17/05, Paul Schmehl <pauls () utdallas edu> wrote: 


OK, I'll bite.  Are the banks going to be forced to provide the readers?
Or is online banking going to become a thing of the past?



ETrade is already providing certain select customers with SecurID tokens.

-- 
Dave Killion, CISSP
Contributing Author, Configuring NetScreen Firewalls
PGP Key Fingerprint: 
E477 488D 4340 D04F DD94 2A65 048C B376 D50B 45C8 


  _____  


_______________________________________________

Fun and Misc security discussion for OT posts.

https://linuxbox.org/cgi-bin/mailman/listinfo/funsec

Note: funsec is a public and open mailing list.
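
Added example, not part of the original thread or of any participant's post: a minimal one-time-code verifier showing the two cases the messages distinguish, a code that is consumed on first use versus a code that is still unused when it reaches the server. It uses an HMAC time-step code as a stand-in for the SecurID algorithm; the names, the 60-second step, the drift window, the seed and the timestamp are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60         # assumed seconds per code
DRIFT_STEPS = 1   # assumed accepted clock drift, in steps either side


def code_at(secret: bytes, step: int) -> str:
    """Six-digit code for one time step (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 1_000_000:06d}"


class Verifier:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1  # highest time step already consumed

    def verify(self, code: str, now: float) -> bool:
        current = int(now // STEP)
        for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            if step <= self.last_step:
                continue  # consumed: a logged copy of this code is useless
            if hmac.compare_digest(code_at(self.secret, step), code):
                self.last_step = step
                return True
        return False


def demo():
    secret = b"constructed-demo-seed"   # constructed sample seed
    t0 = 1_129_587_960.0                # constructed timestamp on a step boundary
    code = code_at(secret, int(t0 // STEP))
    server = Verifier(secret)
    # First presentation is accepted. The server sees only the code, so it
    # cannot tell whether the user or an intermediary site submitted it.
    first = server.verify(code, t0 + 5)
    # The same code captured (for example by a keylogger) and sent again.
    replay = server.verify(code, t0 + 20)
    # A captured code that was never submitted, presented after the window.
    stale = Verifier(secret).verify(code, t0 + 10 * STEP)
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

Consumption and the time window only limit reuse of a code; binding the login to the genuine site needs a separate control.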

