WebApp Sec mailing list archives
Re: Article - A solution to phishing
From: Saqib.N.Ali () seagate com
Date: Thu, 25 Nov 2004 14:10:47 -0800
Hello Michael, Interesting article, and well-written. The technique you are proposing is very similar to assigning a RSA SecureID to each of the banc customer. Except in this case the customer doesn't hold the physical SecureID, instead he/she is sent the auto-generated number. One major problem of these kind of systems is that, they are dependent on 3rd party service being available whenever the customer wants to access the banc. In this case the 3rd party service is the customer's personal email provider, which may not be available all the time. RSA SecureID has the same problem, i.e. what if the customer loses his/her SecureID and is at a remote location where he/she can not physically go to banc branch. Thanks. Saqib Ali http://validate.sf.net "Michael Silk" <michaels () phg com au> No Phone Info Available 11/22/2004 07:40 PM To <webappsec () securityfocus com> cc Subject Article - A solution to phishing Hi, Just a quick little article about a login system that, should (i think :)), prevent phishing attempts on your site. http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.htm l Have a look at it and let me know what you think ... and apologies to anyone if an idea like this is already out there :) -- Michael ********************************************************************** This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments. This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons. **********************************************************************
Current thread:
- Article - A solution to phishing Michael Silk (Nov 25)
- Re: Article - A solution to phishing Saqib . N . Ali (Nov 27)
- RE: Article - A solution to phishing Christopher Canova (Nov 27)
- Re: Article - A solution to phishing Andi McLean (Nov 27)
- Re: Article - A solution to phishing ZedGama3 (Nov 27)
- Re: Article - A solution to phishing Joseph Miller (Nov 27)
- Re: Article - A solution to phishing Peter Conrad (Nov 27)
- Re: Article - A solution to phishing John West (Nov 27)
- Re: Article - A solution to phishing Paul Johnston (Nov 27)
- <Possible follow-ups>
- RE: Article - A solution to phishing Damhuis Anton (Nov 27)
- Re: Article - A solution to phishing Michael Silk (Nov 27)
- RE: Article - A solution to phishing Robin Balean (Nov 27)
(Thread continues...)