On Mon, Dec 29, 2003, Diego Iastrubni wrote about "Re: An approach I made to 1st yashir bank":
> Do you expect some stupid secretary who reads those faxes to actually understand
> what a "man in the middle" attack is?

And besides, who needs a man in the middle attack when it's easy to guess (or social-engineer) the answer to these questions like, "the name of your elementary school", "a name of a friend" or "your mother's maiden name"?

Let's face it, that 5th-letter-of-your-mothers-maiden-name is crap, meant to thwart only the most basic kind of fraud (namely, somebody answering your phone and casually accepting a call from them and pretending to be you) and as a weak solution to replay attacks (somebody using the PIN number he overheard you punching). A dedicated attacker can easily break both those layers of (in)security, with or without a man-in-the-middle attack.

--
Nadav Har'El                        | Monday, Dec 29 2003, 5 Tevet 5764
[EMAIL PROTECTED]                   |-----------------------------------------
Phone: +972-53-790466, ICQ 13349191 |Sorry, but my karma just ran over your
http://nadav.harel.org.il           |dogma.