[121484] in cryptography@c2.net mail archive

Re: [Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect

daemon@ATHENA.MIT.EDU (Thierry Moreau)
Wed Apr 23 17:07:16 2008

Date: Wed, 23 Apr 2008 11:35:08 -0500
From: Thierry Moreau <thierry.moreau@connotech.com>
To: Arshad Noor <arshad.noor@strongauth.com>
CC: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <480E4E58.8090906@strongauth.com>



Arshad Noor wrote:
> 
>> Fascinating!
>>
>> This may be the first phishing e-mail I've seen that uses
>> a message related to digital certificates for attacking the
>> client; I am not a customer of Comerica.
>>

I did notice this reference to certificates in the phishing blabla message.

I checked very quickly at comerica.com; they don't seem to use client PK 
pairs (nor certificates), merely the usual name/password authentication.

If the target financial institution was using client authentication, it 
would be interesting to see phishing scenario details, but that's not 
the case until shown otherwise.

I'm not impressed by the phisher blabla message.

-- 

- Thierry Moreau

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
