Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Article - A solution to phishing

from [Paul Johnston] Network Security [Permanent Link]
Subject: Re: Article - A solution to phishing
Date: Fri, 26 Nov 2004 17:45:07 +0000 
Hi Michael,

Interesting idea. Not unlike the way credit card companies will sometimes phone you before authorizing a large transaction (never happened to me, but they claim they do it). I think this is good as supplemental authentication, but the delay waiting for the email and such probably make it unsuitible as the main authentication technique. In addition, if it is the ONLY authentication technique, then compromise of the email account means compromise of all accounts using this authentication.

Perhaps an interesting variation would be to SMS a pass code to a mobile phone.

In fact, PayPal do something which is kind of similar. When you join, they bill your card the membership fee, and put a random code in the originator's reference. When you receive your bill and supply this reference back to PayPal, your account is upgraded to "verified" status. Very sensible precaution.

Regards,

Paul

Michael Silk wrote:

Hi,

   Just a quick little article about a login system that, should (i
think :)), prevent phishing attempts on your site.


http://michaelsilk.blogspot.com/2004/11/article-solution-to-phishing.htm
l

   Have a look at it and let me know what you think ... and apologies
to anyone if an idea like this is already out there :)

-- Michael


**********************************************************************
This email message and accompanying data may contain information that is 
confidential and/or subject to legal privilege. If you are not the intended 
recipient, you are notified that any use, dissemination, distribution or 
copying of this message or data is prohibited. If you have received this email 
message in error, please notify us immediately and erase all copies of this 
message and attachments.

This email is for your convenience only, you should not rely on any information 
contained herein for contractual or legal purposes. You should only rely on 
information and/or instructions in writing and on company letterhead signed by 
authorised persons.
**********************************************************************





--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Article - A solution to phishing, John West
Next by Date:  Re: ActiveX controls within an Intranet Environment, GuidoZ
Previous by Thread:  Re: Article - A solution to phishing, John West
Next by Thread:  RE: Article - A solution to phishing, Damhuis Anton
Indexes:  [Date] [Thread] [Top] [All Lists]