[LINK] Phishing past two-factor authentication
Rick Welykochy
rick at praxis.com.au
Fri Apr 20 13:13:38 AEST 2007
Howard Lowndes wrote:
>
>
> Richard Chirgwin wrote:
>> Linkers,
>>
>> If a two-factor method is insufficient to protect (stupid) customers,
>> then I guess it's quite unreasonable for any bank to "blame the
>> customer".
>>
>> http://www.theregister.co.uk/2007/04/19/phishing_evades_two-factor_authentication/
>
>
> It doesn't say so, but I guess this might have used a poisoned DNS or a
> hacked hosts file.
>
> <--------- Fool Money --------->
Good diagram :)
Poisoning the DNS will not present a clean phishing attempt, since
there will be digital cert problems. The MIM attack is clean and
undetectable.
<--------- Fool Digital Certificates --------->
cheers
rick
--
_________________________________
Rick Welykochy || Praxis Services
The Bible teaches how to go to heaven, not how the heavens go.
-- Galileo
More information about the Link
mailing list