WebApp Sec: RE: Article - A solution to phishing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

RE: Article - A solution to phishing

From: focus () karsites net
Date: Mon, 29 Nov 2004 18:18:00 +0000 (GMT)


Hi Mark and all!

On Sat, 27 Nov 2004, Mark Curphey wrote:

To: webappsec () securityfocus com
From: Mark Curphey <mark () curphey com>
Subject: RE: Article - A solution to phishing

<snip>
My online bank uses a system of picking random numbers from my password, and
asking me to match those numbers with a drop down box, instead of just
typing in the exact password in the same format at each login.</snip>

Can you describe this in detail? Without the details one might think this
just reduces the amount of entropy an attacker has to guess so is a bad
thing.


Take a look at http://www.nationwide.co.uk for the login
screen!

Regards - Keith Roberts

http://www.karsites.net

By Date By Thread

Current thread:

Re: Article - A solution to phishing, (continued)
- Re: Article - A solution to phishing focus (Nov 27)
  - RE: Article - A solution to phishing Mark Curphey (Nov 29)
    - RE: Article - A solution to phishing focus (Nov 29)
  - Re: Article - A solution to phishing Tran Viet Phuong (Nov 29)
  - Re: Article - A solution to phishing Saqib . N . Ali (Nov 29)
    - Re: Article - A solution to phishing Mark Burnett (Nov 29)
    - RE: Article - A solution to phishing WebAppSecurity [Technicalinfo.net] (Nov 29)
- Re: Article - A solution to phishing Michael Silk (Nov 29)