|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Phishing and BGP Blackholing
* Neil J. McRae: > I didn't see the original post but the topic came > up in 2005 here in the UK as the banks here wanted to > use BGP filtering in the same light. The LINX prepared > a paper on the issues with BGP blackholing and recommended > that if the banks want to trade on the Internet that > they should introduce authentication systems that are fit > for purpose (SecureID for example (many banks had already > done this)). Banks have deployed much more secure systems than SecureID, and there have been successful attacks against them. SecureID might be helpful if you want to differentiate your product between automatic and manual use, but it doesn't do anything to authenticate the party you are relaying information to. But it's useless in a phishing context. If you want a token solution, at least use something that factors in transaction-related data.
|