WebApp Sec mailing list archives
RE: Article - A solution to phishing
From: "Damhuis Anton" <DamhuisA () aforbes co za>
Date: Fri, 26 Nov 2004 10:33:30 +0200
Hi Michael.

I read the article, and it was quite interesting.

Scenario: Email is used as Login.
The biggest problem to me would be that if the mail is intercepted by a 3rd party within the 15 minutes, they have all the details to log in.

Scenario: A PIN number is used as Login.
This would be a lot better, since the 3rd party can see a password when intercepting the email, but has no idea for which PIN number it can be used. Therefore the information sent to the user's email is still safe even in the short period. (Unless maybe the 3rd party is sniffing the HTTP and SMTP traffic.)

Our rule of thumb is: One should never send all the details in an email that a person can use to log in.

Regards
Anton

-----Original Message-----
From: Michael Silk [mailto:michaels () phg com au]
Sent: 23 November 2004 05:41
To: webappsec () securityfocus com
Subject: Article - A solution to phishing

Hi,

Just a quick little article about a login system that should (I think :)) prevent phishing attempts on your site.

http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.html

Have a look at it and let me know what you think ... and apologies to anyone if an idea like this is already out there :)

-- Michael

Confidentiality Warning
=======================
The contents of this e-mail and any accompanying documentation are confidential and any use thereof, in whatever form, by anyone other than the addressee is strictly prohibited.