funsec mailing list archives

Re: Nordea Sweden shuts Internet banking due to targeted phishing


From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Oct 2005 11:01:53 -0400

On Wed, 05 Oct 2005 15:48:32 BST, Drsolly said:
On Wed, 5 Oct 2005, Dan Kaminsky wrote:


Banks could fix the phishing problem if they had the incentive. It isn't 
bad enough yet to make them want to fix it.
  
Once we move to phishers with rootkits, it's kind of game over.  
Majority of hosts are infected with spyware, ya know.
 
You won't be able to rootkit the credit-card sized gizmo.

You don't have to, if you can MITM the transaction.  Wait for the user to hit
the bank, read the challenge, snarf the gizmo's reply code as the user enters it.
Then submit your *own* transaction, and then submit the user's transaction. That
then complains about the code having been used already - but the damage is done.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
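
Added example, not part of the original post or of any bank's code: a small model of the point made in the reply above, showing a one-time response code that is not tied to the transaction next to one that is. The Bank class, token_code function, key and transaction strings are all constructed for illustration; the bound variant assumes the token lets the user key in the payee and amount.

```python
import hashlib
import hmac
import secrets

def token_code(key: bytes, challenge: bytes, txn: str = "") -> str:
    """Code shown by the token. txn is empty for a bare challenge-response."""
    mac = hmac.new(key, challenge + b"|" + txn.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class Bank:
    """Hypothetical verifier; bind_txn selects whether codes cover the transaction."""
    def __init__(self, key: bytes, bind_txn: bool):
        self.key, self.bind_txn = key, bind_txn
        self.open_challenges = set()

    def new_challenge(self) -> bytes:
        c = secrets.token_bytes(8)
        self.open_challenges.add(c)
        return c

    def submit(self, challenge: bytes, code: str, txn: str) -> str:
        if challenge not in self.open_challenges:
            return "rejected: code already used"
        expected = token_code(self.key, challenge, txn if self.bind_txn else "")
        if not hmac.compare_digest(expected, code):
            return "rejected: code does not match transaction"
        self.open_challenges.discard(challenge)  # each code is single-use
        return f"accepted: {txn}"

def replay_outcome(bind_txn: bool):
    """Submit one user-generated code with a different transaction, then the user's own."""
    key = b"constructed-demo-key"
    bank = Bank(key, bind_txn)
    user_txn = "pay 100 SEK to landlord"
    other_txn = "pay 9000 SEK to unknown account"
    challenge = bank.new_challenge()
    # The user's token computes the code; in the bound scheme it covers user_txn.
    code = token_code(key, challenge, user_txn if bind_txn else "")
    first = bank.submit(challenge, code, other_txn)   # a transaction the user never saw
    second = bank.submit(challenge, code, user_txn)   # the user's real transaction
    return first, second

if __name__ == "__main__":
    print("unbound:", replay_outcome(False))
    print("bound:  ", replay_outcome(True))
```

With the unbound code the first submission is accepted and the user's own then fails as already used, which is the sequence the reply describes; with the bound code the order of outcomes is reversed.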
