[73248] in North American Network Operators' Group
Re: Phishing (Was Re: WashingtonPost computer security stories)
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Tue Aug 17 11:28:41 2004
Date: Tue, 17 Aug 2004 08:28:01 -0700 (PDT)
From: Joel Jaeggli <joelja@darkwing.uoregon.edu>
To: Michael.Dillon@radianz.com
Cc: nanog@merit.edu
In-Reply-To: <OFFF022277.9F9C4AE7-ON80256EF3.004836C5-80256EF3.0048A46E@radianz.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 17 Aug 2004 Michael.Dillon@radianz.com wrote:
> Barclays also uses a "memorable word" in addition to
> the PIN code. They repeatedly tell us that no-one
> from Barclays will ever ask us to reveal this
> memorable word. It's only use is for a simple
> challenge-response where the website asks for
> two specific letters from the word and we select
> them from drop-down boxes to defeat keyloggers.
> Nice example of layered security that keeps the
> criminals snapping at the heels of the guy next
> door, i.e. CitiBank et al.
Lots of european banks issue sheets of onetime passwords.
> --Michael Dillon
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
