funsec mailing list archives
Re: Nordea Sweden shuts Internet banking due to targeted phishing
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 05 Oct 2005 11:28:26 -0700
Peter Kruse wrote:
> In particular are MITM attacks effective against netbanks using one-time passwords. This gives the attacker a small window of opportunity to exploit the login data submitted by a clueless user.
The way you phrased that, I can't tell if it's a question or a statement agreeing with me. In case it's a question: yes, it works against any kind of one-time password, since the MITM attack is taking place more-or-less live, as I imagine it.
I proxy you logging in. Maybe I used a few other proxies or an onion-routing network or something, to make it less trivial to track my phishing site down. You provide your creds, I'm now logged into your account. Even only stealing $1000 from 10 people before my site gets banned probably makes it worth my while.
BB