[funsec] Bank of America's SiteKey scheme for protecting online bank accounts

Florian Weimer fw at deneb.enyo.de
Sat Oct 22 11:55:00 CDT 2005


* Richard M. Smith:

> What do folks think about Bank of America's new SiteKey system for
> protecting online bank accounts:

It's still vulnerable to man-in-the-middle attacks if the terminal has
been compromised. 8-(

I'm not even sure if it is possible to implement this securely on
today's browsers (assuming that the end system is not owned by the
attacker).  At least it's very hard.

