nanog mailing list archives

Re: Phishing (Was Re: WashingtonPost computer security stories)

From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Tue, 17 Aug 2004 08:28:01 -0700 (PDT)


On Tue, 17 Aug 2004 Michael.Dillon () radianz com wrote:

Barclays also uses a "memorable word" in addition to
the PIN code. They repeatedly tell us that no-one
from Barclays will ever ask us to reveal this
memorable word. It's only use is for a simple
challenge-response where the website asks for
two specific letters from the word and we select
them from drop-down boxes to defeat keyloggers.
Nice example of layered security that keeps the
criminals snapping at the heels of the guy next
door, i.e. CitiBank et al.


Lots of european banks issue sheets of onetime passwords.

--Michael Dillon

--

--------------------------------------------------------------------------Joel Jaeggli Unix Consulting joelja () darkwing uoregon eduGPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2

Current thread:

Re: WashingtonPost computer security stories, (continued)
- - - Re: WashingtonPost computer security stories Stephen J. Wilcox (Aug 17)
  - Re: WashingtonPost computer security stories Doug White (Aug 15)
- Phishing (Was Re: WashingtonPost computer security stories) Niels Bakker (Aug 16)
  - Re: Phishing (Was Re: WashingtonPost computer security stories) Henry Linneweh (Aug 16)
  - Re: Phishing (Was Re: WashingtonPost computer security stories) Christopher L. Morrow (Aug 16)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Mark Kasten (Aug 16)
  - Re: Phishing (Was Re: WashingtonPost computer security stories) Alexei Roudnev (Aug 16)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Sean Donelan (Aug 16)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) David Lesher (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Michael . Dillon (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Joel Jaeggli (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Richard Cox (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Petri Helenius (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Alexei Roudnev (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Eric Kuhnke (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Tim Wilde (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Edward B. Dreger (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Petri Helenius (Aug 17)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Brett (Aug 18)
    - Re: Phishing (Was Re: WashingtonPost computer security stories) Christopher L. Morrow (Aug 17)
- Re: WashingtonPost computer security stories Brandon Butterworth (Aug 15)

(Thread continues...)