Tuesday, April 10, 2007

A Phishing Attack Demo Against the BOA SiteKey Authentication

A demonstration of a "deceit-augmented man in the middle attack" against the SiteKey® service used by Bank of America.

From the slight paranoia blog:

Executive Summary

We present this demonstration of a "deceit-augmented man in the middle attack" against the SiteKey® service used by Bank of America (the underlying technology is also used by other companies). This, or a similar attack, could be used by a phisher to deceive users into entering their login details to a fraudulent website. BoA's own website tells users: "[W]hen you see your SiteKey, you can be certain you're at the valid Online Banking website at Bank of America, and not a fraudulent look-alike site. Only enter your Passcode when you see the SiteKey image and image title you selected."

See the demo here.

Copyright 2018 e2e Security.