Full Disclosure mailing list archives

Re: FW: PassMark?


From: "Brian Eaton" <eaton.lists () gmail com>
Date: Tue, 13 Jun 2006 09:24:28 -0400

On 6/13/06, Josh L. Perrymon <joshuaperrymon () gmail com> wrote:
> I mean--  the more hoops you have to jump through will make it harder to
> attack or replicate from a phishing view.. but also making it much more
> cumbersome on users.

Ironic, considering one of the main goals of these systems is to make
web site verification less cumbersome.  SSL certificates are great
from a cryptographic point of view, but are useless for most end
users.

Here's an article from May describing some of the issues with BofA and SiteKey:

http://www.baselinemag.com/print_article2/0,1217,a=178262,00.asp

"...after the bank made SiteKey mandatory, customers who had trouble
using it—for example, by failing to follow directions when they
registered—boosted calls to the bank's customer service centers by
25%..."

"...Even though SiteKey is not fully installed, it has already cut the
number of successful phishing attacks against the bank, according to
Claypool, although she won't say by how many. Attempted phishing
attacks have not decreased..."

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

