WebApp Sec mailing list archives
RE: Phishing
From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Thu, 13 May 2004 12:57:04 +0100
My bank has a HTML select for entry of two abitrary characters of a secret word. Quite a simple workaround to the keylogger issue. The second issue between the keyboard and the chair is an entirely larger problem. ;-) Ian -----Original Message----- From: Glenn and Mary Everhart [mailto:Everhart () gce com] Sent: Wed 12/05/2004 18:03 To: Mark Curphey Cc: webappsec () securityfocus com Subject: Re: Phishing How do folks feel about other techniques to make a site harder to fake, given that we're seeing keystroke loggers placed by spam/virii these days? That is, stuff like putting in a number pad made of images, in some random order, and asking people to "key in" a PIN with mouse clicks? [snip] (Then we start dealing with the fools who phone in to complain we won't let them have 3 character passwords like "aaa" and still want their transactions guaranteed. Honestly sometimes I think people like that should bank at sites with names like robmeblind.com...)
Current thread:
- RE: Phishing Sarah Elan (May 12)
- RE: Phishing Shivangi Nadkarni (May 12)
- RE: Phishing Zoso (May 13)
- <Possible follow-ups>
- RE: Phishing Rohrer, Mark E (May 12)
- RE: Phishing Griffiths, Ian (May 12)
- Re: Phishing Rogan Dawes (May 13)
- RE: Phishing Adam Lydick (May 14)
- Re: Phishing E.Kellinis (May 15)
- RE: Phishing Griffiths, Ian (May 13)
- RE: Phishing Griffiths, Ian (May 13)
- RE: Phishing Michael Silk (May 13)
- Re: Phishing Amit Sharma (May 13)
- Re: Phishing Amit Sharma (May 13)
- RE: Phishing Pete Simpson (May 13)
- RE: Phishing Griffiths, Ian (May 14)
- RE: Phishing Adam Lydick (May 15)
- RE: Phishing Damon McMahon (May 15)
- RE: Phishing Shivangi Nadkarni (May 12)