funsec mailing list archives

Re: Nordea Sweden shuts Internet banking due to targeted phishing


From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 05 Oct 2005 11:28:26 -0700

Peter Kruse wrote:
> In particular are MITM attacks effective against netbanks using one-time
> passwords. This gives the attacker a small window of opportunity to exploit
> the login data submitted by a clueless user.

The way you phrased that, I can't tell if it's a question or a statement agreeing with me. In case it's a question: yes, it works against any kind of one-time password, since the MITM attack is taking place more-or-less live, as I imagine it.

I proxy you logging in. Maybe I used a few other proxies or an onion-routing network or something, to make it less trivial to track my phishing site down. You provide your creds, I'm now logged into your account. Even only stealing $1000 from 10 people before my site gets banned probably makes it worth my while.

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

