funsec mailing list archives

Re: Nordea Sweden shuts Internet banking due to targeted phishing


From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 05 Oct 2005 10:20:09 -0700

Drsolly wrote:
Certainly this can be compromised via a man-in-the-middle attack (although
that could be made really more difficult to do), or by reverse-engineering
the algorithm that the gizmo uses (but maybe you make the gizmo
programmable, so the algorithm changes each month) but it eliminates the
phishing problem, which is, like, 99.9% of the problem, and anything that
handles 99.9% of a problem is a Good Thing.

You cannot secure against MITM attacks, if the user is willing to ignore any certificate warnings, or more likely, doesn't notice the missing lock. Heck, you can spoof that, too. Dan did a nice demo of that for me in a chapter he wrote in one of our books a few years back.

The fun thing is, phishing makes the MITM attack trivial for the attacker.

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
