funsec mailing list archives

Re: Bank of America's SiteKey scheme for protecting online bank accounts

From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 22 Oct 2005 18:55:00 +0200

* Richard M. Smith:

What do folks think about Bank of America's new SiteKey system for
protecting online bank accounts:


It's still vulnerable to man-in-the-middle attacks if the terminal has
been compromised. 8-(

I'm not even sure if it is possible to implement this securely on
today's browsers (assuming that the end system is not owned by the
attacker).  At least it's very hard.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Bank of America's SiteKey scheme for protecting online bank accounts Richard M. Smith (Oct 19)
- Re: Bank of America's SiteKey scheme for protecting online bank accounts Nick FitzGerald (Oct 19)
- Re: Bank of America's SiteKey scheme for protecting online bank accounts Valdis . Kletnieks (Oct 20)
- Re: Bank of America's SiteKey scheme for protecting online bank accounts Florian Weimer (Oct 22)