lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue Jun 13 14:24:38 2006
From: eaton.lists at gmail.com (Brian Eaton)
Subject: FW: PassMark?

On 6/13/06, Josh L. Perrymon <joshuaperrymon@...il.com> wrote:
> I'm mean--  the more hoops you have to jump through will make it harder to
> attack or replicate from a phishing view.. but also making it much more
> cumbersome on users.

Ironic, considering one of the main goals of these systems is to make
web site verification less cumbersome.  SSL certificates are great
from a cryptographic point of view, but are useless for most end
users.

Here's an article from May describing some of the issues with BofA and SiteKey:

http://www.baselinemag.com/print_article2/0,1217,a=178262,00.asp

"...after the bank made SiteKey mandatory, customers who had trouble
using it?for example, by failing to follow directions when they
registered?boosted calls to the bank's customer service centers by
25%..."

"...Even though SiteKey is not fully installed, it has already cut the
number of successful phishing attacks against the bank, according to
Claypool, although she won't say by how many. Attempted phishing
attacks have not decreased..."

Regards,
Brian

Powered by blists - more mailing lists