AOL Help : About AOL® PassCode

Adam Shostack adam at
Tue Jan 4 13:31:15 PST 2005

On Tue, Jan 04, 2005 at 08:44:11PM +0000, Ian G wrote:
| R.A. Hettinga wrote:
| ><>
| >Have questions? Search AOL Help articles and tutorials:
| >.....
| >If you no longer want to use AOL PassCode, you must release your screen
| >name from your AOL PassCode so that you will no longer need to enter a
| >six-digit code when you sign on to any AOL service.
| >
| >To release your screen name from your AOL PassCode
| >	1.  	Sign on to the AOL service with the screen name you want to 
| >	release from your AOL PassCode.
| >
| OK.  So all I have to do is craft a good reason to
| get people to reset their PassCode, craft it into
| a phishing mail and send it out?

Nope!  All you have to do is exploit your attack and steal money in
realtime.  A securid has no way to authenticate its server, and what's
really needed to stop phishing is server auth.


More information about the cypherpunks-legacy mailing list