Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Proposal to anti-phishing
From: Rogan Dawes (discarddawes.za.net)
Date: Mon Jan 17 2005 - 01:58:24 CST
Lyal Collins wrote:
> To eapnd on this, there is nothing the stop the phisher capturing the entire
> session (i.e MITM tunneling), even using a valid OTP token to logon, and
> even a second OTP token to 'authenticate' a transaciton.
> With tunneling the entire session, the attacker can easily present the user
> with screens saying "transfer $200 to mum" while telling the banking site to
> 'transfer $1000 to joehacking.site.somewhere"
Exactly. And this is another reason to use SSL client certificates.
Because they are invulnerable (for large numbers of invulnerable ;-) to
*ALL* messages to discarddawes.za.net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"