funsec mailing list archives
RE: The end of Phishing in sight?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 18 Oct 2005 11:29:57 +1300
Richard M. Smith wrote:
A USB-based token has its own reader. This type of token uses human eyeballs as a reader: http://www.techweb.com/wire/security/60404355
...which, because there is no "trusted path" for all the code executing on the machine where the toggle is plugged in and the user is reading the toggle's output, code injected between the "read user input" and "send authenticated request" stages of the application processing the transaction requests can redirect the transaction. Given the current primary "target market" of the phishers, this lifts the bar about as much extra as "onscreen keyboards" did, and they were very quickly broken by the phishers when they were first used (and that was loooong before their recent adoption by some of the now very heavily phished South American banks). Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- The end of Phishing in sight? Fergie (Paul Ferguson) (Oct 17)
- Re: The end of Phishing in sight? Paul Schmehl (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
- RE: The end of Phishing in sight? Nick FitzGerald (Oct 17)
- Re: The end of Phishing in sight? Dave Killion (Oct 17)
- Re: The end of Phishing in sight? Security Lists (Oct 17)
- Re[2]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- RE: Re[2]: The end of Phishing in sight? Richard M. Smith (Oct 17)
- Re: Re[2]: The end of Phishing in sight? Valdis . Kletnieks (Oct 17)
- Re[4]: The end of Phishing in sight? Pierre Vandevenne (Oct 17)
- Speaking of phishing xyberpix (Oct 18)
- Re: Speaking of phishing Richard Cox (Oct 18)
- Re: Speaking of phishing xyberpix (Oct 19)
- Re: The end of Phishing in sight? Paul Schmehl (Oct 17)
- Re: The end of Phishing in sight? Blue Boar (Oct 17)