AOL Help : About AOL® PassCode

Adam Shostack adam at homeport.org
Tue Jan 4 13:31:15 PST 2005


On Tue, Jan 04, 2005 at 08:44:11PM +0000, Ian G wrote:
| R.A. Hettinga wrote:
| 
| ><http://help.channels.aol.com/article.adp?catId=6&sCId=415&sSCId=4090&articleId=217623>
| >Have questions? Search AOL Help articles and tutorials:
| >.....
| >If you no longer want to use AOL PassCode, you must release your screen
| >name from your AOL PassCode so that you will no longer need to enter a
| >six-digit code when you sign on to any AOL service.
| >
| >To release your screen name from your AOL PassCode
| >	1.  	Sign on to the AOL service with the screen name you want to 
| >	release from your AOL PassCode.
| >
| 
| OK.  So all I have to do is craft a good reason to
| get people to reset their PassCode, craft it into
| a phishing mail and send it out?

Nope!  All you have to do is exploit your attack and steal money in
realtime.  A SecurID has no way to authenticate its server, and what's
really needed to stop phishing is server auth.

Adam
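
Added example, not part of the original message: a small model of the point above, showing that a six-digit token code verifies at the real server no matter which site asked for it, while a response that also covers the origin does not. The code generator is an RFC 4226-style stand-in, not SecurID's algorithm; the seed, the host names and the origin-bound scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-token-seed"   # constructed sample seed shared by token and real server
REAL = "signon.example"              # hypothetical genuine sign-on origin
FAKE = "signon.example.invalid"      # hypothetical look-alike origin


def six_digit_code(secret: bytes, step: int) -> str:
    """Stand-in token code: HMAC over the time step, truncated to six digits."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 10**6:06d}"


def origin_bound_response(secret: bytes, step: int, origin: str) -> str:
    """Response that also covers the origin the client software is connected to."""
    msg = struct.pack(">Q", step) + origin.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def server_accepts_code(code: str, step: int) -> bool:
    # The real server can only check the digits; it cannot tell where they were typed.
    return hmac.compare_digest(code, six_digit_code(SECRET, step))


def server_accepts_bound(response: str, step: int) -> bool:
    # The real server recomputes the response for its own origin only.
    return hmac.compare_digest(response, origin_bound_response(SECRET, step, REAL))


def sign_on(seen_origin: str, step: int) -> tuple[bool, bool]:
    """Real server's verdicts when credentials entered at seen_origin reach it unchanged."""
    code = six_digit_code(SECRET, step)                        # token takes no input from the site
    bound = origin_bound_response(SECRET, step, seen_origin)   # origin filled in by client software
    return server_accepts_code(code, step), server_accepts_bound(bound, step)


if __name__ == "__main__":
    step = 36812345  # constructed time-step counter
    for origin in (REAL, FAKE):
        code_ok, bound_ok = sign_on(origin, step)
        print(f"{origin:24} code accepted={code_ok}  origin-bound accepted={bound_ok}")
```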




