funsec mailing list archives

RE: Nordea Sweden shuts Internet banking due to targeted phishing


From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Wed, 5 Oct 2005 20:21:59 +0200

Hi there BB,

You cannot secure against MITM attacks if the user is 
willing to ignore any certificate warnings or, more likely, 
doesn't notice the missing lock. 

In particular, MITM attacks are effective against netbanks using one-time
passwords. This gives the attacker a small window of opportunity to exploit
the login data submitted by a clueless user. 

  Heck, you can spoof that, too.  Dan did a nice demo of that 
for me in a chapter he wrote in one of our books a few years back.

Nowadays the task is less than trivial. You can have self-signed
certificates installed in a second and request free ones in a matter of
minutes.

The fun thing is, phishing makes the MITM attack trivial for 
the attacker.
 
If you consider that scenario funny you're definitely on the right list ;-)

Regards
Peter Kruse
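An added illustration of the point made above about one-time passwords and the attacker's window of opportunity. This is example code written for this archive page; it is not from Peter Kruse, Nordea or anyone in the thread. It assumes a time-based OTP scheme (HMAC-SHA1, 30-second step, bank tolerates one step of clock drift, as in RFC 6238), a constructed demo secret and a fixed clock; Nordea's real mechanism is not described on this page. The simulation shows that the "one-time" property stops a replay of a captured code, but does nothing against a phisher who relays the code to the real bank while it is still valid.

```python
"""Simulation: real-time relay of a one-time password versus later replay.

Added example (not from the original post). All names, the secret and the
clock values are constructed for the demo.
"""
import hashlib
import hmac
import struct

STEP = 30  # assumed OTP time step in seconds


def totp(secret: bytes, t: int, step: int = STEP, digits: int = 6) -> str:
    """TOTP-style code for time t (HMAC-SHA1, dynamic truncation, RFC 6238)."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Bank:
    """Netbank login that accepts a code for the current or previous step, once."""

    def __init__(self, users):
        self.users = users   # username -> shared secret
        self.used = set()    # (user, counter) pairs already redeemed

    def login(self, user: str, otp: str, now: int, window: int = 1) -> str:
        secret = self.users[user]
        counter = now // STEP
        for c in range(counter - window, counter + 1):
            if hmac.compare_digest(totp(secret, c * STEP), otp):
                if (user, c) in self.used:
                    return "rejected: code already used"   # replay blocked
                self.used.add((user, c))
                return "ok"
        return "rejected: bad code"                         # outside the window


DEMO_SECRET = b"12345678901234567890"   # constructed demo secret
T0 = 1_700_000_000                      # fixed clock: the moment the victim types the code


def run_relay(relay_delay: int) -> str:
    """Victim submits the code at T0 to the phishing page; the phisher forwards it
    to the real bank relay_delay seconds later. Returns the bank's verdict."""
    bank = Bank({"alice": DEMO_SECRET})
    code = totp(DEMO_SECRET, T0)        # what the victim's token shows at T0
    return bank.login("alice", code, T0 + relay_delay)


def relay_then_reuse():
    """Phisher relays in real time, then tries the same captured code again."""
    bank = Bank({"alice": DEMO_SECRET})
    code = totp(DEMO_SECRET, T0)
    first = bank.login("alice", code, T0)        # relayed immediately -> "ok"
    second = bank.login("alice", code, T0 + 3)   # replayed -> "rejected: code already used"
    return first, second


if __name__ == "__main__":
    for delay in (0, 15, 40, 120):
        print(f"relay after {delay:3d}s: {run_relay(delay)}")
    print("relay, then reuse:", relay_then_reuse())
```

The window the phisher has is the OTP step plus whatever drift tolerance the bank allows (here up to two steps, so a relay 15 seconds later still succeeds while one 40 seconds later fails). Shrinking the window makes the relay harder but not impossible; a proxy that forwards the form the moment it is submitted is always inside it.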


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

