Citibank discloses private information to improve security
Anne & Lynn Wheeler
lynn at garlic.com
Tue May 31 16:31:13 EDT 2005
Steven M. Bellovin wrote:
> Bank of America is adopting some new schemes that might help. First,
> they're asking users to select a picture the user selected at
> registration time. The theory is presumably that a phishing site won't
> have the right image for you. Second, you can "register" your
> computer; if your account is accessed from another computer, additional
> authentication is demanded, thus rendering a compromised password much
> less useful.
>
> I think both schemes will help; I doubt that either will stop the
> problems.
>
>
> http://www.bankofamerica.com/newsroom/press/press.cfm?PressID=press.20050526.03.htm

but they appear to be vulnerable to MITM attacks.

a recent thread:
http://seclists.org/lists/fulldisclosure/2005/May/0629.html
http://seclists.org/lists/fulldisclosure/2005/May/0637.html
http://seclists.org/lists/fulldisclosure/2005/May/0639.html
http://seclists.org/lists/fulldisclosure/2005/May/0644.html
---------------------------------------------------------------------
The Cryptography Mailing List