funsec mailing list archives

Re: Re[4]: The end of Phishing in sight?


From: "Douglas F. Calvert" <douglasfcalvert () gmail com>
Date: Tue, 18 Oct 2005 00:40:56 -0400

On 10/17/05, Marius Gheorghescu <mariusg () microsoft com> wrote:

MITM attack is only possible in the schemes without an initial secure
channel (or previously agreed keys). Or better said, it's always
possible in schemes without an initial secure channel.


This is what I do not get. A lot of other times in infosec we need to
worry about the lack of an initial secure channel, but in this case it
is not a cut and dry case. In fact the guidance even hints at this
fact when they talk about CIP and the Patriot Act. Traditional banking
still relies on customers walking in and opening an account. This is
the perfect time for key distribution. Of course this does not protect
against ID theft but it puts a serious damper on phishing and
significantly raises the costs on the attacker in the case of ID
theft. Merely walking into a bank costs a lot more than opening an
account online. Furthermore the video surveillance present in the banks
increases the likelihood that the attacker will be apprehended.

--
--dfc
douglasfcalvert () gmail com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

