funsec mailing list archives
Re: Re[2]: The end of Phishing in sight?
From: "Douglas F. Calvert" <douglasfcalvert () gmail com>
Date: Mon, 17 Oct 2005 18:59:26 -0400
> With MITM being the magic bullet, I don't doubt it could work in some cases. But targeting a ssl web site where the customer has safely gone before, carrying an MITM on the login, executing an operation and convincing the customer to sign for it (for example by substituting another operation) and relying on the customer who is logged not seeing that the pending operation isn't the one he signed for is really much more involved than stealing a login. I am sure implementations will differ and some of them will be better than others though.
Phishing would not be an issue if customers always went to "a ssl web site where the customer has safely gone before." The problem is that when customers get a phishing email now they will think they are safe since their bank sent them this fancy thing that goes on their keychain. MitM is not a "magic bullet"; it is the obvious attack based on the standard phishing MO...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.