[90474] in North American Network Operators' Group
Re: Black Frog - the botnets keep coming
daemon@ATHENA.MIT.EDU (leo vegoda)
Fri May 26 04:46:30 2006
Date: Fri, 26 May 2006 10:45:58 +0200
From: leo vegoda <leo@ripe.net>
To: Gadi Evron <ge@linuxbox.org>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0605260302230.3543-100000@linuxbox.org>
Errors-To: owner-nanog@merit.edu
Gadi Evron wrote:
[...]
> Regular type "fake site" phishing is going to be with us for a long time
> yet but several of the organized crime groups involved are hard at work at
> released Trojan horses using root kit technology daily, which basically
> steals your credentials to every HTTPS site you enter, and reports home.
>
> How do banks, ISP's, or whoever else defend from the roblem moving to the
> user-side? That is a very interesting question indeed. :)
Over here some banks issue customers a password token device that uses a
combination of your card, a number sent by the web site and a PIN to
generate a one-time password. It seems a reasonable system, and isn't
really new technology. However, while bank web site security may be
on-topic for other lists I suspect it's wandering off-topic for NANOG.
Regards,
--
leo vegoda
Registration Services Manager
RIPE NCC
