Two factor authentication, Banks and Fraud!

[Guest]

[Jiehua]

For the man-in-the-Middle attack and trojan attack,how can two-factor Authentication system prevent them efficiently?Is there any idea which can be suggested for the bank to use thus it can improve its security?

[Melih]

our solution does prevent MIM (man in the middle) attacks.

some financial institutions are starting to use our solution. If your bank doesn't pls recommend us to them.
thank you

Melih

[MorphOS REBOL]

I will do as you said, Melih. But I sincerely doubt there are any kinds of ears existing here, where I am.

Still, in hope, don't know why.

[arjunpa]

Phishing is the one of the major problem faced in my country and it has become a common thing.I just read in newspaper that phising is done mainly from Kenya and Nigeria.I dont know whether its true....

[Melih]

Phishing is a huge problem!
We have solved it using a whitelisting approach with Verification Engine

thanks
melih

[Stanr]

For the man-in-the-Middle attack and trojan attack,how can two-factor Authentication system prevent them efficiently? <snip>

Evidently they can't .

"Silent Banker Trojan Targets 400 Banks, Circumvents Two-Factor Authentication, Just For Starters..." full story here: http://www.nationalcybersecurity.com/blogs/300/Silent-Banker-Trojan-Targets-400-Banks-Circumvents-Two-Factor-Authentication-Just-For-Starters.html

This is probably old news here but it's the first I've seen it.

Will CFP/D+ catch this?

Sure hope so, it sounds nasty.

Thanks,
s.

[Melih]

V3 will catch this!

melih

[Stanr]

Some how I just knew it would.   

Thanks,
s.

[Kaufhof]

Another security application has a "Banking" mode, in which the firewall element  will deny access by your browser to any site not on your "My sites" list.
Obviously you must set up your own listings, but it's simple enough to do by copy and paste of the URL into the list, when you are certain that you are on your bank's site.
All that is required for a transaction with your bank, or other money handling institution, is to enable banking mode, afterwards returning to standard mode.
How do you see the benefits of this approach?

My BIG question (to which I have yet to find an answer) is - how am I ever certain I am on the correct site?

[Melih]

My BIG question (to which I have yet to find an answer) is - how am I ever certain I am on the correct site?

Answer: Verification Engine

Melih

[giraffe]

Answer: Verification Engine

Melih

On that link it says "Unique browser independent verification - Supports all major browsers" but [still] doesn't mention Opera :-(

If Opera isn't considered 'major', then lower down there is:

"VerificationEngine™ supports all the major browsers, so no matter how you choose to navigate around the Internet, VerificationEngine will provide the essential identity assurance you need."

and I choose Opera.

Any chance that Opera will be supported, please?

[Melih]

On that link it says "Unique browser independent verification - Supports all major browsers" but [still] doesn't mention Opera :-(

If Opera isn't considered 'major', then lower down there is:

"VerificationEngine™ supports all the major browsers, so no matter how you choose to navigate around the Internet, VerificationEngine will provide the essential identity assurance you need."

and I choose Opera.

Any chance that Opera will be supported, please?

We will... as soon as we have some dev time free (they are developing some very important stuff of phishing)

melih

[Coolio10]

We will... as soon as we have some dev time free (they are developing some very important stuff of phishing)

melih

I wouldn't worry too much about opera support because a lot of software is not working with opera due to it being closed source. That is why the popular plugin roboform is not for opera but everything else.

[giraffe]

I wouldn't worry too much about opera support because a lot of software is not working with opera due to it being closed source. That is why the popular plugin roboform is not for opera but everything else.

Yes - that also means Opera is not so vulnerable. I use Open DNS and have Opera's fraud system on, then Opera always asks if scrips should run on secure pages and warns me if the encryption is weak/certif. out of date.

Be good when VE is available - thank you Melih, yet again Comodo does the right thing.

[landsker]

Is open DNS helpful in this respect, on its own?

[Tags:]