funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The end of Phishing in sight?

From: Jim Murray <jim () digitaldaemons co uk>
Date: Mon, 17 Oct 2005 21:37:59 +0100
Fergie (Paul Ferguson) wrote:

At least a step in the right direction...

[snip]

Federal regulators will require banks to strengthen security for Internet customers through authentication that goes 
beyond mere user names and passwords, which have become too easy for criminals to exploit.

Bank Web sites are expected to adopt some form of "two-factor" authentication by the end of 2006, regulators with the 
Federal Financial Institutions Examination Council said in a letter to banks last week.

In two-factor authentication, customers must confirm their identities not only through something they know, like a 
PIN or password, but also with something they physically have, like a hardware token with numeric access codes that 
change every minute.

Other types of two-factor authentication include costlier hardware involving biometrics or "smart" cards that would 
be inserted into designated readers on a user's computer.


In this age of bot-riddled machines, will this really raise the bar that
 much?

I fear we'll see a temporary lull while the phishers adapt followed by a
massive wave of 'impossible' fraud when they figure out how to beat the
system.

Anyone care to bet how long it'll be till we see the first
'resynchronise your token' trojan being sent out?

Jim.


-- 
      DigitalDaemons IT Services.
---------------------------------------
   E-Mail : jim () digitaldaemons co uk
  Web : http://www.digitaldaemons.net


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: