WebApp Sec mailing list archives

RE: Phishing


From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Thu, 13 May 2004 12:57:04 +0100

My bank has an HTML select for entry of two arbitrary characters of a secret word.  Quite a simple workaround to the keylogger issue.
 
The second issue between the keyboard and the chair is an entirely larger problem. ;-)
 
Ian

        -----Original Message----- 
        From: Glenn and Mary Everhart [mailto:Everhart () gce com] 
        Sent: Wed 12/05/2004 18:03 
        To: Mark Curphey 
        Cc: webappsec () securityfocus com 
        Subject: Re: Phishing
        
        

        How do folks feel about other techniques to make a site harder to fake, given
        that we're seeing keystroke loggers placed by spam/viruses these days?
        That is, stuff like putting in a number pad made of images, in some
        random order, and asking people to "key in" a PIN with mouse clicks?
        

        [snip]
        
        (Then we start dealing with the fools who phone in to complain we
        won't let them have 3 character passwords like "aaa" and still want
        their transactions guaranteed. Honestly sometimes I think people like
        that should bank at sites with names like robmeblind.com...)
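
The partial-secret prompt described in this message, sketched server-side as an added example (not code from the original posts or from any bank); the class name, the sample word used in testing and the three-attempt limit are assumptions. It keeps the same positions after a wrong answer, so the prompt cannot be re-rolled until a known pair of characters comes up.

```python
import hmac
import secrets


class PartialSecretChallenge:
    """Ask for k randomly chosen characters of a stored secret word."""

    def __init__(self, secret_word, k=2, max_attempts=3):
        # Assumption: the word is recoverable server-side (e.g. decrypted on
        # demand); single characters cannot be checked against one salted hash.
        self._word = secret_word
        self._k = k
        self._max_attempts = max_attempts
        self._positions = None
        self._failures = 0

    def positions(self):
        """1-based positions to render as <select> prompts; stable until success."""
        if self._positions is None:
            rng = secrets.SystemRandom()
            self._positions = sorted(
                rng.sample(range(1, len(self._word) + 1), self._k))
        return list(self._positions)

    def locked(self):
        return self._failures >= self._max_attempts

    def verify(self, answers):
        """answers maps position -> the single character chosen for it."""
        if self.locked():
            return False
        pos = self.positions()
        expected = "".join(self._word[p - 1] for p in pos)
        supplied = [answers.get(p, "") for p in pos]
        # Exactly one character per position, so "ab" + "" cannot pass as "a" + "b".
        well_formed = all(isinstance(c, str) and len(c) == 1 for c in supplied)
        ok = well_formed and hmac.compare_digest(
            expected.encode(), "".join(supplied).encode())
        if ok:
            self._positions = None  # pick fresh positions only after a success
            self._failures = 0
        else:
            self._failures += 1     # the same positions are asked again
        return ok
```

Each login exposes only the selected characters to a keystroke or form logger, but the server has to hold the word in recoverable form, so it should be a separate secret from the main password.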

