[16620] in cryptography@c2.net mail archive
Re: AOL Help : About =?iso-8859-1?Q?AOL?=
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Jan 5 11:31:51 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 4 Jan 2005 16:31:15 -0500
From: Adam Shostack <adam@homeport.org>
To: Ian G <iang@systemics.com>
Cc: cryptography@metzdowd.com, cypherpunks@al-qaeda.net
In-Reply-To: <41DB001B.2060308@systemics.com>
On Tue, Jan 04, 2005 at 08:44:11PM +0000, Ian G wrote:
| R.A. Hettinga wrote:
|
| ><http://help.channels.aol.com/article.adp?catId=6&sCId=415&sSCId=4090&articleId=217623>
| >Have questions? Search AOL Help articles and tutorials:
| >.....
| >If you no longer want to use AOL PassCode, you must release your screen
| >name from your AOL PassCode so that you will no longer need to enter a
| >six-digit code when you sign on to any AOL service.
| >
| >To release your screen name from your AOL PassCode
| > 1. Sign on to the AOL service with the screen name you want to
| > release from your AOL PassCode.
| >
|
| OK. So all I have to do is craft a good reason to
| get people to reset their PassCode, craft it into
| a phishing mail and send it out?
Nope! All you have to do is exploit your attack and steal money in
realtime. A securid has no way to authenticate its server, and what's
really needed to stop phishing is server auth.
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com