Steven M. Bellovin wrote:
Bank of America is adopting some new schemes that might help. First,
they're asking users to select a picture the user selected at
registration time. The theory is presumably that a phishing site won't
have the right image for you. Second, you can "register" your
computer; if your account is accessed from another computer, additional
authentication is demanded, thus rendering a compromised password much
less useful.
I think both schemes will help; I doubt that either will stop the
problems.
http://www.bankofamerica.com/newsroom/press/press.cfm?PressID=press.20050526.03.htm
but they appear to be vulnerable to MITM-attacks
a recent thread
http://seclists.org/lists/fulldisclosure/2005/May/0629.html
http://seclists.org/lists/fulldisclosure/2005/May/0637.html
http://seclists.org/lists/fulldisclosure/2005/May/0639.html
http://seclists.org/lists/fulldisclosure/2005/May/0644.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]