[19458] in cryptography@c2.net mail archive
What phishers want
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Dec 28 14:34:32 2005
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "James A. Donald" <jamesd@echeque.com>
Cc: cryptography@metzdowd.com,
"Perry E. Metzger" <perry@piermont.com>
In-Reply-To: (Your message of "Tue, 27 Dec 2005 23:18:08 PST.")
<43B1CBB0.25041.37C4738@localhost>
Date: Wed, 28 Dec 2005 13:46:42 -0500
In message <43B1CBB0.25041.37C4738@localhost>, "James A. Donald" writes:
> --
You wrote:
>
>2. Phishers are after shared secrets, so secure each
>shared secret, and thus each relationship, with
>SRP-TLS-OpenSSL. This also requires that establishing a
>relationship, and verifying a shared secret, should be
>part of the browser chrome, rather than a particular
>application of generic web forms.
>
No -- what phishers are after is money. They get that today by going
after shared secrets. If banks change, they'll change.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com