WebApp Sec mailing list archives

Re: Article - A solution to phishing

From: Saqib.N.Ali () seagate com
Date: Thu, 25 Nov 2004 14:10:47 -0800

Hello Michael,

Interesting article, and well-written.

The technique you are proposing is very similar to assigning a RSA 
SecureID to each of the banc customer. Except in this case the customer 
doesn't hold the physical SecureID, instead he/she is sent the 
auto-generated number.

One major problem of these kind of systems is that, they are dependent on 
3rd party service being available whenever the customer wants to access 
the banc. In this case the 3rd party service is the customer's personal 
email provider, which may not be available all the time.

RSA SecureID has the same problem, i.e. what if the customer loses his/her 
SecureID and is at a remote location where he/she can not physically go to 
banc branch.

Thanks.
Saqib Ali
http://validate.sf.net





"Michael Silk" <michaels () phg com au> 
No Phone Info Available
11/22/2004 07:40 PM

To
<webappsec () securityfocus com>
cc

Subject
Article - A solution to phishing






Hi,
 
    Just a quick little article about a login system that, should (i
think :)), prevent phishing attempts on your site.
 
 
http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.htm
l
 
    Have a look at it and let me know what you think ... and apologies
to anyone if an idea like this is already out there :)
 
-- Michael


**********************************************************************
This email message and accompanying data may contain information that is 
confidential and/or subject to legal privilege. If you are not the 
intended recipient, you are notified that any use, dissemination, 
distribution or copying of this message or data is prohibited. If you have 
received this email message in error, please notify us immediately and 
erase all copies of this message and attachments.

This email is for your convenience only, you should not rely on any 
information contained herein for contractual or legal purposes. You should 
only rely on information and/or instructions in writing and on company 
letterhead signed by authorised persons.
**********************************************************************

Current thread:

Article - A solution to phishing Michael Silk (Nov 25)
- Re: Article - A solution to phishing Saqib . N . Ali (Nov 27)
- RE: Article - A solution to phishing Christopher Canova (Nov 27)
- Re: Article - A solution to phishing Andi McLean (Nov 27)
- Re: Article - A solution to phishing ZedGama3 (Nov 27)
- Re: Article - A solution to phishing Joseph Miller (Nov 27)
- Re: Article - A solution to phishing Peter Conrad (Nov 27)
- Re: Article - A solution to phishing John West (Nov 27)
- Re: Article - A solution to phishing Paul Johnston (Nov 27)
- <Possible follow-ups>
- RE: Article - A solution to phishing Damhuis Anton (Nov 27)
- Re: Article - A solution to phishing Michael Silk (Nov 27)
- RE: Article - A solution to phishing Robin Balean (Nov 27)

(Thread continues...)