[93909] in North American Network Operators' Group
RE: Phishing and BGP Blackholing
daemon@ATHENA.MIT.EDU (Neil J. McRae)
Wed Jan 3 09:50:24 2007
From: "Neil J. McRae" <neil@domino.org>
To: "'Florian Weimer'" <fw@deneb.enyo.de>
Cc: <nanog@nanog.org>
In-Reply-To: <87fyasw53h.fsf@mid.deneb.enyo.de>
Date: Wed, 3 Jan 2007 14:49:04 -0000
Errors-To: owner-nanog@merit.edu
> SecureID might be helpful if you want to differentiate your product
> between automatic and manual use, but it doesn't do anything to
> authenticate the party you are relaying information to. But it's
> useless in a phishing context. If you want a token solution, at least
> use something that factors in transaction-related data.
Florian,
Sorry we didn't' specifically recommend any solution simply that
they need to look are more secure authentication systems to
minimize phishing issues. As you note even the most secure systems
can be beaten.
Neil.
