Passwords vulnerable to phishing
Date: August 09, 2006Source: s-ox.com
Why Passwords Are Vulnerable to Phishing
The main reason passwords are vulnerable is that they are shared secrets. The user types the password into a web page and hits submit. The password is sent over the Internet to the web server, where it is validated against a "master password file." The number of potential attacks against this system are myriad, but the ones most relevant to phishing are:
• The user types password into fake web site, giving the password to the phisher
• The user sends password in response to phishing email
• A Trojan or keystroke logger captures password at desktop
Original article
Add comment Email to a Friend