What phishers want
Steven M. Bellovin
smb at cs.columbia.edu
Wed Dec 28 13:46:42 EST 2005
In message <43B1CBB0.25041.37C4738 at localhost>, "James A. Donald" writes:
> --
You wrote:
>
>2. Phishers are after shared secrets, so secure each
>shared secret, and thus each relationship, with
>SRP-TLS-OpenSSL This also requires that establishing a
>relationship, and verifying a shared secret, should be
>part of the browser chrome, rather than a particular
>application of generic web forms.
>
No -- what phishers are after is money. They get that today by going
after shared secrets. If banks change, they'll change.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list