Re: Avoid Phishing in Struts Applications plugin

2010-09-07 Thread Paweł Wielgus
Hi all, one of the banks i use, uses standard login and password to log on, but after login, when one want to transfer money or do any cash related operation one need to provide a special token from your secret list or from hardware token. That way stealing my login and password won't do much for a

Re: Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Oscar
Ok, i got it. Thanks so much for the info. 2010/9/6 Dale Newfield > Examples of why SiteKey really isn't sufficient: > http://antivirus.about.com/b/2010/03/23/bank-of-america-sitekey-scam.htm > > http://www.aviransplace.com/2007/02/05/study-finds-bank-of-america-sitekey-is-flawed/ > (As well as

Re: Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Dale Newfield
Examples of why SiteKey really isn't sufficient: http://antivirus.about.com/b/2010/03/23/bank-of-america-sitekey-scam.htm http://www.aviransplace.com/2007/02/05/study-finds-bank-of-america-sitekey-is-flawed/ (As well as the fact that it's possible for a phishing site to use the same provided ID t

Re: Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Dale Newfield
On 9/6/10 11:42 AM, Oscar wrote: anti-phishing mehcanism into the application If I understand what people generally refer to as phishing, it's someone else making pages appear enough like yours to fool the customers, but with the submitted data going to a third party. As such, there's not a

Avoid Phishing in Struts Applications plugin

2010-09-06 Thread Oscar
Hi to all. I'm working in a project for Bank using Struts 2.1.8 and i have to implement an anti-phishing mehcanism into the application, but i don't know where to start. I understand the basics of phishing but i never applied to a project. Do you know if in Struts exists something like a security p