Full Disclosure mailing list archives
Re: Defeating Citi-Bank Virtual Keyboard Protection
From: root <lyal.collins () key2it com au>
Date: Sat, 06 Aug 2005 16:40:40 -0400
Aditya Deshmukh wrote:
The only most secure protection is a one time password with a challenge / response scheme. Most of the banks in europe already do this. They give out a calculator like device to the customers and when u want to login you are presented with a challenge that you punch into you device which spits a response that you enter that into the form.... Costly for the bank but very effective security for the customer and bank in terms of gain in security and decrease in losses due to fraud .... - Aditya ________________________________________________________________________ Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Respectfully, I disagree.Although I never attended, this year's IT Underground conference in poland promised a hand on session breaking OTP tokens. As Schneier says, OT token device merely force a tactical shift by the attacker, not a permanent fix. The credit card industry's 'fixes' have only been effective for weeks to months over the past decade, so I don't consider OTPs will make much difference relative to the cost in the mid-long term.
Lyal _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Defeating Citi-Bank Virtual Keyboard Protection, (continued)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Jeremy Bishop (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Michal Zalewski (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Aditya Deshmukh (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Jeremy Bishop (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection fractalg (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Peter Ferrie (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection root (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection root (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Michal Zalewski (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Aditya Deshmukh (Aug 05)
- Re: Defeating Citi-Bank Virtual Keyboard Protection root (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Debasis Mohanty (Aug 05)
- RE: Defeating Citi-Bank Virtual Keyboard Protection Nicob (Aug 08)
- Re: Defeating Citi-Bank Virtual Keyboard Protection Bart Lansing (Aug 08)