funsec mailing list archives
Re: Nordea Sweden shuts Internet banking due to targeted phishing
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 05 Oct 2005 10:20:09 -0700
Drsolly wrote:
> Certainly this can be compromised via a man-in-the-middle attack (although that could be made really more difficult to do), or by reverse-engineering the algorithm that the gizmo uses (but maybe you make the gizmo programmable, so the algorithm changes each month) but it eliminates the phishing problem, which is, like, 99.9% of the problem, and anything that handles 99.9% of a problem is a Good Thing.
You cannot secure against MITM attacks, if the user is willing to ignore any certificate warnings, or more likely, doesn't notice the missing lock. Heck, you can spoof that, too. Dan did a nice demo of that for me in a chapter he wrote in one of our books a few years back.
The fun thing is, phishing makes the MITM attack trivial for the attacker.

BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.