[cryptography] trustwave admits issuing corporate mitm certs
James A. Donald
jamesd at echeque.com
Wed Feb 29 04:12:36 EST 2012
On 2012-02-28 11:34 PM, The Fungi wrote:
> "Your login was successful, but due to recent security concerns we
> also require a one-time verification of your personal information.
> Please now enter the following...
> * Checking Account Number
> * Bank Routing Number
> * ATM Card Number
> * Card Expiraion Date
> * CCV Number
> * Full Name
> * Billing Address
> * Social Security Number
> * Drivers License Number
> Thank you for your cooperation. Please click here to log out and
> back in again. [hyperlink to actual impersonated site]"
Again, I point out that World Of Warcraft, and the rest of the gaming
sites, are under massive phishing attack, and phishing really does not
work very well, probably because people are used to entering their
credentials in an environment that is not a standard web page. By and
large, WoW credentials are stolen by installing trojans.
We should not be doing authentication in an ordinary web page.
More information about the cryptography