funsec mailing list archives
RE: The end of Phishing in sight?
From: Blanchard_Michael () emc com
Date: Mon, 17 Oct 2005 17:12:58 -0400
Two factor is certainly a step in the right direction. But if it's not the be-all end-all, what better methods "could" we use? If we, the security community, could design and build the securest online bank, what would we use? Anything I think of is susceptible to MITM attacks at the least. I feel that 2 factor auth is pretty good. Not perfect, but certainly better than a straight UN/PW. It won't stop identity theft, as the thief can still successfully phish for SSNs and other information and assume a victim's identity, but at least their 1.98 in the bank will be safe for a little while....

Mike B

Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580
email: Blanchard_Michael () EMC COM

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Florian Weimer
Sent: Monday, October 17, 2005 4:47 PM
To: funsec () linuxbox org
Subject: Re: [funsec] The end of Phishing in sight?
Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit. Bank Web sites are expected to adopt some form of "two-factor" authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.
In Germany, we have both: two-factor authentication and phishing. This should tell you something about the effectiveness of two-factor authentication. *sigh*

To me, this looks like a subsidy for certain parts of the security industry, and not a step to protect consumers. Otherwise, there wouldn't be something which is close to a technology mandate.

(Yeah, I know, I'm probably driving on the wrong side of the road, given the long list of famous names who disagree with me. But still...)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.