funsec mailing list archives

Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 28 Jun 2007 21:28:58 +1200

Jim Murray wrote:

Very simple, though I can't (unfortunately!) take credit for inventing it.

Issue the customer with a numbered list of one-time passwords.
For each transaction, have the bank computer require the use of one of
those passwords, chosen at random.

That way, no matter what trojans, sniffers or other garbage are on the
PC, the most they can capture is the password for one single transaction
which instantly becomes useless for any future transactions.

You have no clue of the kinds of _successful_ attacks against the 
German "TAN" system that have already occurred, have you?


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

