funsec mailing list archives
Slashdot: Bank of America's SiteKey bypassed
From: <rms () computerbytesman com>
Date: Thu, 12 Apr 2007 12:40:45 -0400
Boarding Pass Hacker Targets Bank of America <http://it.slashdot.org/it/07/04/12/1444204.shtml>
Posted by kdawson on Thursday April 12, @11:51AM
from the augmented-man-in-the-middle dept. <http://slashdot.org/search.pl?tid=172>

Security Concerned Customer writes "The fake boarding pass guy <http://yro.slashdot.org/yro/06/10/28/2358202.shtml?tid=123> is at it again. His blog shows a demonstration phishing website <http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html> that is able to bypass the SiteKey authentication system used by Bank of America <http://www.bankofamerica.com/privacy/sitekey/>, Fidelity, and Yahoo <https://protect.login.yahoo.com/>. Users will be shown their security image, even though they're not visiting the authentic websites."

This hack compounds the study showing that users don't pay attention <http://it.slashdot.org/it/07/02/05/1323243.shtml?tid=172> to the SiteKey pictures anyway.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.