Home page logo

nanog logo nanog mailing list archives

Re: Dear RIPE: Please don't encourage phishing
From: "John Levine" <johnl () iecc com>
Date: 12 Feb 2012 19:47:56 -0000

In article <Pine.LNX.4.64.1202121919390.10731 () a84-22-97-10 cb3rob net> you write:
btw, i'm quite sure that -banks- of all things have the resources to just 
take the transaction part for consumers -off their pcs- and simply send 
them a dedicated device with an ethernet port to do the transactions on.

More likely USB, but yes, a doozit with a small screen to display the
amount and recipient of a transaction and a verification code you type
in, and sufficient crypto to set up a secure channel back to the bank
would fix a lot of phishing.

I don't understand bank security at all.  HSBC recently sent me a
Digipass 270 with a 12 button keyboard and a one-line display that is
apparently able to do signatures, but all they use it for is a PIN.
That's helpful against password theft, but not MITM.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]