SecurityFocus

Article - A solution to phishing Nov 23 2004 03:40AM
Michael Silk (michaels phg com au) (9 replies)

Re: Article - A solution to phishing Nov 26 2004 05:45PM
Paul Johnston (paul westpoint ltd uk)

Hi Michael,

Interesting idea. Not unlike the way credit card companies will
sometimes phone you before authorizing a large transaction (never
happened to me, but they claim they do it). I think this is good as
supplemental authentication, but the delay waiting for the email and
such probably make it unsuitible as the main authentication technique.
In addition, if it is the ONLY authentication technique, then compromise
of the email account means compromise of all accounts using this
authentication.

Perhaps an interesting variation would be to SMS a pass code to a mobile
phone.

In fact, PayPal do something which is kind of similar. When you join,
they bill your card the membership fee, and put a random code in the
originator's reference. When you receive your bill and supply this
reference back to PayPal, your account is upgraded to "verified" status.
Very sensible precaution.

Regards,

Paul

Michael Silk wrote:

>Hi,
>
> Just a quick little article about a login system that, should (i
>think :)), prevent phishing attempts on your site.
>
>
>http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.ht
m
>l
>
> Have a look at it and let me know what you think ... and apologies
>to anyone if an idea like this is already out there :)
>
>-- Michael
>
>
>**********************************************************************
>This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments.
>
>This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons.
>**********************************************************************
>
>
>
>

--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul (at) westpoint.ltd (dot) uk [email concealed]
web: www.westpoint.ltd.uk

[ reply ]

Re: Article - A solution to phishing Nov 26 2004 05:27PM
John West (jwest23 gmail com)

Re: Article - A solution to phishing Nov 26 2004 02:02PM
Andi McLean (andi_mclean ntlworld com)

RE: Article - A solution to phishing Nov 26 2004 08:35AM
Christopher Canova (canovac earthlink net)

Re: Article - A solution to phishing Nov 26 2004 07:58AM
Peter Conrad (conrad tivano de)

Re: Article - A solution to phishing Nov 26 2004 04:48AM
Joseph Miller (joseph tidetamerboatlifts com)

Re: Article - A solution to phishing Nov 26 2004 03:46AM
ZedGama3 (zedgama3 gmail com)

Re: Article - A solution to phishing Nov 25 2004 10:10PM
Saqib N Ali seagate com