funsec mailing list archives
Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 28 Jun 2007 21:28:58 +1200
Jim Murray wrote:
Very simple, though I can't (unfortunately!) take credit for inventing it. Issue the customer with a numbered list of one-time passwords. For each transaction, have the bank computer require the use of one of those passwords, chosen at random. That way, no matter what trojans, sniifers or other garbage are on the PC the most they can capture is the password for one single transaction which instantly becomes useless for any future transactions.
You have no clue of the kinds of _successful_ attacks against the German "TAN" system that have already occurred, have you? Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Fergie (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases B.K. DeLong (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Blue Boar (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Jim Murray (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Gadi Evron (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Nick FitzGerald (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Bill Weiss (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 28)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 27)
- Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases B.K. DeLong (Jun 27)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 27)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Valdis . Kletnieks (Jun 27)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 28)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Valdis . Kletnieks (Jun 28)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dude VanWinkle (Jun 28)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Dennis Henderson (Jun 28)
- Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases Valdis . Kletnieks (Jun 28)