WebApp Sec mailing list archives
Re: Re: Article - A solution to phishing
From: RSnake <rsnake () shocking com>
Date: Thu, 14 Jul 2005 08:50:04 -0700 (PDT)
This is actually a really bad security system. All you have to know is any username of a user on the system, and then you can download the resulting JS files and brute force the password offline at your leisure. The only vaguely difficult part is the OCR that would confirm the password is correct.

If you think this solves phishing, think again. The bad guys could simply replay each possible password to the target as each keystroke came across the wire. When the correct one was found they could display the ACUTrust logo. Sorry, this is actually worse than just having a normal username/password pair.

On Thu, 14 Jul 2005 jcjhilvfgvqcf () mailinator com wrote:
I have found a product that looks better than passmark. It is called ACUTrust (www.acutrust.com) and it uses a visualized token to authenticate the website. It does not use cookies and does not require any client-based software. I also think that this would help a non-technical person identify the site.
-R