Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Web Application Security
Article - A solution to phishing Nov 23 2004 03:40AM
Michael Silk (michaels phg com au) (9 replies)
Re: Article - A solution to phishing Nov 26 2004 05:45PM
Paul Johnston (paul westpoint ltd uk)
Re: Article - A solution to phishing Nov 26 2004 05:27PM
John West (jwest23 gmail com)
Re: Article - A solution to phishing Nov 26 2004 02:02PM
Andi McLean (andi_mclean ntlworld com)
RE: Article - A solution to phishing Nov 26 2004 08:35AM
Christopher Canova (canovac earthlink net)
RE: Article - A solution to phishing Nov 26 2004 08:35AM
Christopher Canova (canovac earthlink net)
Re: Article - A solution to phishing Nov 26 2004 07:58AM
Peter Conrad (conrad tivano de)
Re: Article - A solution to phishing Nov 26 2004 04:48AM
Joseph Miller (joseph tidetamerboatlifts com)
Re: Article - A solution to phishing Nov 26 2004 03:46AM
ZedGama3 (zedgama3 gmail com)
Re: Article - A solution to phishing Nov 25 2004 10:10PM
Saqib N Ali seagate com
Hello Michael,

Interesting article, and well-written.

The technique you are proposing is very similar to assigning a RSA
SecureID to each of the banc customer. Except in this case the customer
doesn't hold the physical SecureID, instead he/she is sent the
auto-generated number.

One major problem of these kind of systems is that, they are dependent on
3rd party service being available whenever the customer wants to access
the banc. In this case the 3rd party service is the customer's personal
email provider, which may not be available all the time.

RSA SecureID has the same problem, i.e. what if the customer loses his/her
SecureID and is at a remote location where he/she can not physically go to
banc branch.

Thanks.
Saqib Ali
http://validate.sf.net

"Michael Silk" <michaels (at) phg.com (dot) au [email concealed]>
No Phone Info Available
11/22/2004 07:40 PM

To
<webappsec (at) securityfocus (dot) com [email concealed]>
cc

Subject
Article - A solution to phishing

Hi,

Just a quick little article about a login system that, should (i
think :)), prevent phishing attempts on your site.


http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.htm

l

Have a look at it and let me know what you think ... and apologies
to anyone if an idea like this is already out there :)

-- Michael

**********************************************************************
This email message and accompanying data may contain information that is
confidential and/or subject to legal privilege. If you are not the
intended recipient, you are notified that any use, dissemination,
distribution or copying of this message or data is prohibited. If you have
received this email message in error, please notify us immediately and
erase all copies of this message and attachments.

This email is for your convenience only, you should not rely on any
information contained herein for contractual or legal purposes. You should
only rely on information and/or instructions in writing and on company
letterhead signed by authorised persons.
**********************************************************************

[ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus