WebApp Sec mailing list archives

Re: Re: Article - A solution to phishing


From: RSnake <rsnake () shocking com>
Date: Thu, 14 Jul 2005 08:50:04 -0700 (PDT)


This is actually a really bad security system.  All you have to know is any username of a user on the system, and then you can download the resulting JS files and brute force the password offline at your leisure.  The only vaguely difficult part is the OCR that would confirm the password is correct.  If you think this solves phishing, think again.  The bad guys could simply replay each possible password to the target as each keystroke came across the wire.  When the correct one was found they could display the ACUTrust logo.  Sorry, this is actually worse than just having a normal username password pair.

On Thu, 14 Jul 2005 jcjhilvfgvqcf () mailinator com wrote:

I have found a product that looks better than passmark.

It is called ACUTrust (www.acutrust.com) and it uses a visualized token to authenticate the website.  It does not use cookies and does not require any client based software.  I also think that this would help a non technical person identify the site.


-R

The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to
this email by anyone else is unauthorized.  If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is expressly prohibited and may be unlawful.

