lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Jun 13 14:24:38 2006 From: eaton.lists at gmail.com (Brian Eaton) Subject: FW: PassMark? On 6/13/06, Josh L. Perrymon <joshuaperrymon@...il.com> wrote: > I'm mean-- the more hoops you have to jump through will make it harder to > attack or replicate from a phishing view.. but also making it much more > cumbersome on users. Ironic, considering one of the main goals of these systems is to make web site verification less cumbersome. SSL certificates are great from a cryptographic point of view, but are useless for most end users. Here's an article from May describing some of the issues with BofA and SiteKey: http://www.baselinemag.com/print_article2/0,1217,a=178262,00.asp "...after the bank made SiteKey mandatory, customers who had trouble using it?for example, by failing to follow directions when they registered?boosted calls to the bank's customer service centers by 25%..." "...Even though SiteKey is not fully installed, it has already cut the number of successful phishing attacks against the bank, according to Claypool, although she won't say by how many. Attempted phishing attacks have not decreased..." Regards, Brian
Powered by blists - more mailing lists