ARP-spoofing defense
Wade Preston Shearer
lists at wadeshearer.com
Mon Mar 19 13:12:30 MDT 2007
> If the UCCU main page was not secure, then the same ARP trick could be
> used to display a fake UCCU page which redirects to a non-secure rogue
> page to steal login credentials. So I for one, like the fact that the
> whole site is encrypted.
My credit union (America First) uses a two-step, account # and then
pin log in process that assures that I am not being phished. The
second step displays a photograph that I have select and requires
that the computer I am logging in from either be registered or I have
to answer multiple questions.
(I agree that that is more work then waiting for a secure page to
load however, but I do compliment them for and appreciate their
security measures.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2425 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20070319/2a1a3284/smime.bin
More information about the PLUG
mailing list