You visit phishsite.php, you're already convinced it's your bank, so you enter your password. That PHP script submits creds (that is obviously possible in under 2 minutes), and then asks for OTP - you're already convinced it's the bank, so you enter it. Where is the bar?
Whoa, nobody is saying that. I think a reasonable definition of an "incremental improvement" is requiring attacks to demonstrate a capability they didn't previously have. We already know they can steal passwords, so adding a second shorter password is not an inc improvement.
We know they can "steal and write to local file" but not "steal and proxy to target site in real time". So that in fact demonstrates a capability they did not previously have.
Those are both an example of basic programming ability, not a "capability". A capability would be access to a physical object, knowledge of a secret, etc, etc.

