Wired Campus: Anti-Phishing Technology Has Holes, Researchers Say

Search The Site

Opinion & Forums
The Chronicle Review Commentary Forums Live Discussions

Careers
News & Advice My Career homepage Search jobs by position type by discipline/field by state/region by institution Tools & Resources Employer Profiles

Multimedia

Resource Center

Services
Help Contact us About The Chronicle Subscribe Day pass Manage your account Advertise with us Rights & permissions Employment opportunities

Get the latest headlines each day:
Wired Campus e-newsletter | RSS

In the Comments

Two years ago in my doctorate program I had to buy a $120 dollar book on affordability and the rising cost of higher education. Anyone else see the irony there? Apparently the publisher didn’t. --John who is not an expert on anything

Fighting a Textbook-Piracy Site

<script language="JavaScript1.1" src="http://ad.doubleclick.net/adj/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?"> </script> <noscript> <a href="http://ad.doubleclick.net/jump/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?"><img src="http://ad.doubleclick.net/ad/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?" width="300" height="250" border="0"></a> </noscript>

Wired Campus Writers

Josh Fischman
Internet issues, new technology, security, computing

Andrea L. Foster
libraries, copyright, and virtual reality

Jeffrey R. Young
video, audio, and how technology is changing scholarship and teaching

Need more tech news?
Read our complete IT section.

Categories

April 10, 2007

Anti-Phishing Technology Has Holes, Researchers Say

As “phishing” scams keep spreading like wildfire, it becomes tougher and tougher to tell the difference between real bank Web sites and dummies set up by online ne’er-do-wells. So some banks have stepped in with a tentative solution: They’ve started using a tool called SiteKey, which lets sites like Bank of America’s ask prearranged security questions of users logging in from new computers.

But even SiteKey isn’t foolproof, as a pair of researchers at Indiana University at Bloomington have pointed out. In a proof-of-concept video, the researchers show that clever phishers can still defeat the security tool. For the time being, most phishers will likely avoid Web sites that use SiteKey, one expert told The Washington Post‘s Security Fix blog. But if the technology becomes an industry standard, scammers may start exploiting its holes. —Brock Read

Posted on Tuesday April 10, 2007 | Permalink |

Comments

Recently my bank has set up a similar procedure which, while it may be “secure” is also problematic. Not only must the customer remember the answers to the two required questions, the customer also must remember the idiotic questions that he/she selected.

Some folks simply make a file of their security questions and answers and file the information on their computers, the electronic version of taping your password to the monitor!

— Margarete Thomsen Apr 11, 12:20 PM #

Commenting is closed for this article.

Previous: A Surprising Win For Privacy
Next: Speeding Up Peer-to-Peer Downloads

Home | Chronicle Careers | The Chronicle Review