ARP-spoofing defense

Wade Preston Shearer lists at wadeshearer.com
Mon Mar 19 13:12:30 MDT 2007


> If the UCCU main page was not secure, then the same ARP trick could be
> used to display a fake UCCU page which redirects to a non-secure rogue
> page to steal login credentials. So I for one, like the fact that the
> whole site is encrypted.

My credit union (America First) uses a two-step, account # and then  
pin log in process that assures that I am not being phished. The  
second step displays a photograph that I have select and requires  
that the computer I am logging in from either be registered or I have  
to answer multiple questions.

(I agree that that is more work then waiting for a secure page to  
load however, but I do compliment them for and appreciate their  
security measures.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2425 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20070319/2a1a3284/attachment.bin 


More information about the PLUG mailing list