CNET - Defeating Online Banking Security

  

How does PhishCops® work?

 

 

  

 
 

CNET: Defeating online banking security

  

 
CNET News.com: Broadcast August 20, 2007 (Excerpts)
In a CNET podcast, staff writer Robert Vamosi interviews a security expert who explains how fraudsters can easily defeat challenge / response and shared secret image authentication systems (such as RSA Sitekey, Digital Resolve, and Business Signatures).

Vamosi talks with Brendan O'Connor, a security researcher who gave a presentation at this year's DefCon Conference in Las Vegas on online banking security. O'Connor hacked his own bank account before the live DefCon audience to demonstrate how easily phishing operators can bypass challenge / response and secret image authentication systems. Pertinant excerpts are presented. Length 10 min 19 sec.  This presentation is facilitated using Macromedia Flash audio.   If you do not have Flash installed, you may download it here.

(Referring to challenge / response and secret image systems)

"These banks are using very, very strong words when they show that picture, like 'if you see this, you can be ASSURED that you're on the real site', or 'You are CERTAIN you're on the real site, not a phishing site'... the  language they are using is so strong, and the system is so simple to bypass, I was just AMAZED when I saw it!"

- Brendan O'Connor
Security Research Presenter at the DefCon Conference - August 2007
CNET Interview with Robert Vamosi. 

 

 

Home   |   Sitemap   |   Contact Us   |   Print this Page   |   Search 
© 2008 Sestus Data Company   All Rights Reserved. PhishCops® is Patent Pending.

Toll Free Tel. (800) 788-1927
California (San Francisco) Tel. (415) 963-4124    |   New York (Manhattan) Tel. (718) 841-7350