- TalkBack 7 of 9:
- Next »
- « Previous
- Thread View
- Flat View
- Yeah, and what about Man-In-the-Middle?
-
PayPal's about two years behind. This solution does no good whatsoever. Man-in-the-Middle attacks work perfectly against key fobs. The phishing site works exactly as it did before, except that instead of just storing your username and password, it connects to PayPal in realtime and passes the Fob info which is obtained on the phishing site. The phishing site essentially acts as a proxy. Granted, they'll only have the 1 session, but how many do you need to transfer money? The answer is 1.
If they were smart, they would have the number on the FOB be correspond to a submdomain, which would be the only place that the user could login at a given time. Let's say the fob shows 1234. Then you could only login by actually TYPING 1234.paypal.com into your browser. It would render stolen passwords useless (since no one with your password would know where to go to login), AND make it impossible for a man-in-the-middle attack to work.
Just my $.25.
Hal - Posted by: hal@... Posted on: 01/15/07 You are currently: a Guest | Members login | Terms of Use
It's what ALL online financial services providers should do
ejhonda | 01/12/07
|
|
Pocket full of Fobs
zdnet@... | 01/12/07
|
I tend to agree
sfmartin | 01/12/07
|
That would be
d.s.williams | 10/09/09
|
|
(NT) OH NO! I've lost my fob!!! :o)
Jack-Booted EULA | 01/12/07
|
|
No-fob solution
d.s.williams | 10/09/09
|
|
Yeah, and what about Man-In-the-Middle?
hal@... | 01/15/07
|
|
Good idea!
d.s.williams | 10/09/09
|
|
Two questions
d.s.williams | 10/09/09
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
- Get top-ranked Novell support for Red Hat at 50% less Novell A simplified IT environment isn't just less complex, it's more reliable. ... Download Now
- Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- Reduce risk. Reduce complexity. Increase reliability.
-
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
- Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
