Full Disclosure mailing list archives
Re: FW: PassMark?
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Tue, 13 Jun 2006 09:24:28 -0400
On 6/13/06, Josh L. Perrymon <joshuaperrymon () gmail com> wrote:
> I mean-- the more hoops you have to jump through will make it harder to attack or replicate from a phishing view.. but also making it much more cumbersome on users.
Ironic, considering one of the main goals of these systems is to make web site verification less cumbersome. SSL certificates are great from a cryptographic point of view, but are useless for most end users.

Here's an article from May describing some of the issues with BofA and SiteKey:

http://www.baselinemag.com/print_article2/0,1217,a=178262,00.asp

"...after the bank made SiteKey mandatory, customers who had trouble using it—for example, by failing to follow directions when they registered—boosted calls to the bank's customer service centers by 25%..."

"...Even though SiteKey is not fully installed, it has already cut the number of successful phishing attacks against the bank, according to Claypool, although she won't say by how many. Attempted phishing attacks have not decreased..."

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/