funsec mailing list archives
Re: Re[4]: The end of Phishing in sight?
From: "Douglas F. Calvert" <douglasfcalvert () gmail com>
Date: Tue, 18 Oct 2005 00:40:56 -0400
On 10/17/05, Marius Gheorghescu <mariusg () microsoft com> wrote:
MITM attack is only possible in the schemes without an initial secure channel (or previously agreed keys). Or better said, it's always possible in schemes without an initial secure channel.
THis is what I do not get. A lot of other times in infosec we need to worry about the lack of an initial secure channel, but in this case it is not a cut and dry case. In fact the guidance even hints at this fact when they talk about CIP and the patriot act. Traditional banking still relies on customers walking in and opening an account. This is the perfect time for key distribution. Of course this does not protect against ID theft but it puts a serious damper on phishing and significantly raises the costs on the attacker in the case of ID theft. Merely walking into a bank costs a lot more than opening an account online. Furthermore the video surveilance present in the banks increases the likelihood that the attacker will be apprehended. -- --dfc douglasfcalvert () gmail com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: The end of Phishing in sight?, (continued)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Re: The end of Phishing in sight? Blue Boar (Oct 17)
- RE: Re[2]: The end of Phishing in sight? Blanchard_Michael (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- RE: Re[2]: The end of Phishing in sight? Henderson, Dennis K. (Oct 17)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 17)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
- Re: The end of Phishing in sight? Mark C (Oct 17)
- Re: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- RE: Re[4]: The end of Phishing in sight? Marius Gheorghescu (Oct 17)
- Re: Re[4]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- Re: The end of Phishing in sight? Security Lists (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- The end of Phishing in sight? Gary Warner (Oct 18)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
(Thread continues...)