Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Phishing
From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Thu, 13 May 2004 12:57:04 +0100

My bank has a HTML select for entry of two abitrary characters of a secret word.  Quite a simple workaround to the 
keylogger issue.
The second issue between the keyboard and the chair is an entirely larger problem. ;-)

        -----Original Message----- 
        From: Glenn and Mary Everhart [mailto:Everhart () gce com] 
        Sent: Wed 12/05/2004 18:03 
        To: Mark Curphey 
        Cc: webappsec () securityfocus com 
        Subject: Re: Phishing

        How do folks feel about other techniques to make a site harder to fake, given
        that we're seeing keystroke loggers placed by spam/virii these days?
        That is, stuff like putting in a number pad made of images, in some
        random order, and asking people to "key in" a PIN with mouse clicks?

        (Then we start dealing with the fools who phone in to complain we
        won't let them have 3 character passwords like "aaa" and still want
        their transactions guaranteed. Honestly sometimes I think people like
        that should bank at sites with names like robmeblind.com...)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]