WebApp Sec: Re: Article - A solution to phishing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Article - A solution to phishing

From: ZedGama3 <zedgama3 () gmail com>
Date: Thu, 25 Nov 2004 22:46:43 -0500

Couple of thoughts
1) Anyone with access to your email has access to your acount as long
as they know your username

2) I would be annoyed to have to go to my email everytime I wanted to
go to my bank, usually my email arrives promptly, but sometimes,
especially at work, my email can take more than 15min to arrive at
which time I have to submit another login request

3) As you have already noted, email is terribly insecure

I would like to see a certificate system where the authentication is
based on a certificate installed on the machine.  You can password
protect the certificate from unauthorized use and the authentication
system, even if used for the wrong site, cannot be used to access your
account.


On Tue, 23 Nov 2004 14:40:30 +1100, Michael Silk <michaels () phg com au> wrote:

Hi,

   Just a quick little article about a login system that, should (i
think :)), prevent phishing attempts on your site.

http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.htm
l

   Have a look at it and let me know what you think ... and apologies
to anyone if an idea like this is already out there :)

-- Michael

**********************************************************************
This email message and accompanying data may contain information that is confidential and/or subject to legal 
privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or 
copying of this message or data is prohibited. If you have received this email message in error, please notify us 
immediately and erase all copies of this message and attachments.

This email is for your convenience only, you should not rely on any information contained herein for contractual or 
legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed 
by authorised persons.
**********************************************************************

By Date By Thread

Current thread:

Article - A solution to phishing Michael Silk (Nov 25)
- Re: Article - A solution to phishing Saqib . N . Ali (Nov 27)
- RE: Article - A solution to phishing Christopher Canova (Nov 27)
- Re: Article - A solution to phishing Andi McLean (Nov 27)
- Re: Article - A solution to phishing ZedGama3 (Nov 27)
- Re: Article - A solution to phishing Joseph Miller (Nov 27)
- Re: Article - A solution to phishing Peter Conrad (Nov 27)
- Re: Article - A solution to phishing John West (Nov 27)
- Re: Article - A solution to phishing Paul Johnston (Nov 27)
- <Possible follow-ups>
- RE: Article - A solution to phishing Damhuis Anton (Nov 27)