[cryptography] trustwave admits issuing corporate mitm certs

James A. Donald jamesd at echeque.com
Wed Feb 29 04:12:36 EST 2012


On 2012-02-28 11:34 PM, The Fungi wrote:
 > "Your login was successful, but due to recent security concerns we
 > also require a one-time verification of your personal information.
 > Please now enter the following...
 >
 >   * Checking Account Number
 >   * Bank Routing Number
 >   * ATM Card Number
 >   * Card Expiration Date
 >   * CCV Number
 >   * Full Name
 >   * Billing Address
 >   * Social Security Number
 >   * Drivers License Number
 >
 > Thank you for your cooperation. Please click here to log out and
 > back in again. [hyperlink to actual impersonated site]"

Again, I point out that World Of Warcraft, and the rest of the gaming 
sites, are under massive phishing attack, and phishing really does not 
work very well, probably because people are used to entering their 
credentials in an environment that is not a standard web page.  By and 
large, WoW credentials are stolen by installing trojans.

We should not be doing authentication in an ordinary web page.


