funsec mailing list archives
RE: The end of Phishing in sight?
From: Jeff Rosowski <rosowskij () ie ymp gov>
Date: Tue, 18 Oct 2005 15:42:14 -0700 (PDT)
I agree that a USB dongle is probably the best choice for a two-factor authentication scheme. However, a USB dongle is still attackable via spyware. A spyware program can inject JavaScript code in banking Web pages to steal money after a victim has logged into their account. Perhaps IE needs to turn off DOM access by external programs, BHOs, and toolbars for https: Web pages.
I think the best solution is a two person authorization on all transactions, similar to what they do in norad and the nuke silos. If you don't have a person you explicitly trust enough, that leads well into a good use for human cloning. :P
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: The end of Phishing in sight?, (continued)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- The end of Phishing in sight? Gary Warner (Oct 18)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Jeff Rosowski (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- Re: The end of Phishing in sight? Tom Van Vleck (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- Re: The end of Phishing in sight? Fergie (Paul Ferguson) (Oct 18)
- Re: Re[4]: The end of Phishing in sight? Dr. Neal Krawetz (Oct 19)
- Re[6]: The end of Phishing in sight? Pierre Vandevenne (Oct 19)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)