funsec mailing list archives
RE: Nordea Sweden shuts Internet banking due to targeted phishing
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Wed, 5 Oct 2005 20:21:59 +0200
Hi there BB,
You cannot secure against MITM attacks if the user is willing to ignore any certificate warnings, or more likely, doesn't notice the missing lock.
In particular, MITM attacks are effective against netbanks using one-time passwords. This gives the attacker a small window of opportunity to exploit the login data submitted by a clueless user.
Heck, you can spoof that, too. Dan did a nice demo of that for me in a chapter he wrote in one of our books a few years back.
Nowadays the task is less than trivial. You can have self-signed certificates installed in a second and request free ones in a matter of minutes.
The fun thing is, phishing makes the MITM attack trivial for the attacker.
If you consider that scenario funny you're definitely on the right list ;-)

Regards
Peter Kruse

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.