funsec mailing list archives

RE: The end of Phishing in sight?


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 18 Oct 2005 11:29:57 +1300

Richard M. Smith wrote:

A USB-based token has its own reader.

This type of token uses human eyeballs as a reader:

   http://www.techweb.com/wire/security/60404355

...which, because there is no "trusted path" for all the code executing 
on the machine where the toggle is plugged in and the user is reading 
the toggle's output, code injected between the "read user input" and 
"send authenticated request" stages of the application processing the 
transaction requests can redirect the transaction.

Given the current primary "target market" of the phishers, this lifts 
the bar about as much extra as "onscreen keyboards" did, and they were 
very quickly broken by the phishers when they were first used (and that 
was loooong before their recent adoption by some of the now very 
heavily phished South American banks).


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.