On Tue, Jan 04, 2005 at 08:44:11PM +0000, Ian G wrote: | R.A. Hettinga wrote: | | ><http://help.channels.aol.com/article.adp?catId=6&sCId=415&sSCId=4090&articleId=217623> | >Have questions? Search AOL Help articles and tutorials: | >..... | >If you no longer want to use AOL PassCode, you must release your screen | >name from your AOL PassCode so that you will no longer need to enter a | >six-digit code when you sign on to any AOL service. | > | >To release your screen name from your AOL PassCode | > 1. Sign on to the AOL service with the screen name you want to | > release from your AOL PassCode. | > | | OK. So all I have to do is craft a good reason to | get people to reset their PassCode, craft it into | a phishing mail and send it out? Nope! All you have to do is exploit your attack and steal money in realtime. A securid has no way to authenticate its server, and what's really needed to stop phishing is server auth. Adam