[OWASP-Ireland] Phishing One-time passwords

Brian Honan brian.honan at bhconsulting.ie
Mon Oct 17 06:24:45 EDT 2005 

Interesting in this case was the fact that each customer was given a card from which they could scratch off their OTP.  Users were duped into entering their latest OTP into a fake site.  So another weak link here is that the passwords were pregenerated and had no expiration. 

Brian
-----Original Message-----
From: Eoin.Keary at allianz.ie
Date: Mon, 17 Oct 2005 11:14:45 
To:OWASP-Ireland at lists.sourceforge.net
Subject: [OWASP-Ireland] Phishing One-time passwords

http://www.theregister.co.uk/2005/10/12/outlaw_phishing/ 
 
One-Time passwords are meant to be more secure but the weak link is people (Tell me something I don't know). 
 

 
 Eoin Keary
 Contractor
 Allianz Ireland
 IT Security (Tech Admin)
 Security Projects Division
 Dir: + 353-1-613-3490
 Mob: + 353-87-904-1922
 Mailto:eoin.keary at allianz.ie
 Ph  01 6133490
 
 
 
 
 
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 Allianz Ireland p.l.c. and Allianz Corporate Ireland p.l.c. are companies of the Allianz Group, Europe's leading global insurer and provider of financial services. 
 For more information on our products and services log on to www.allianz.ie or call us on (01)613 3000.
 
 The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action or reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you have received this in error, please contact the sender and delete the material from your computer.
 
 Allianz Ireland p.l.c. trading as Allianz is regulated by the Irish Financial Services Regulatory Authority (IFSRA). 
 Allianz Corporate Ireland p.l.c. trading as Allianz is regulated by the Irish Financial Services Regulatory Authority (IFSRA).
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 
 
 
 
---
Brian Honan
BH Consulting
Helping You Piece IT Together
Tel:         +353-1-8243846
Mob:      +353-86-8114066
Email:      brian.honan at bhconsulting.ie
www:      http://www.bhconsulting.ie                
Support Global Security Week 5/11 - 9/11 www.globalsecurityweek.com

This message is for the named person's use only. If you received this message in error, please immediately delete it and all copies and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Any views expressed in this message are those of the individual sender and not of BH Consulting

More information about the Owasp-ireland mailing list