WebApp Sec: Re: Proposal to anti-phishing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Proposal to anti-phishing

From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 14 Jan 2005 23:58:21 +0100

* Rafael San Miguel:

The solution is based in a hardware token that is
delivered to every customer. This token includes the
true certificate that should be presented by the bank
when a customer access his/her account, and a program
that checks if the certificate presented by the
webpage is consistent with the first one. The program
is in read-only memory so that it can't be modified by
anything external to it.


It's acceptable neither to customers nor to banks.  These days,
zero-setup online banking is an absolute must.

By Date By Thread

Current thread:

Re: Proposal to anti-phishing, (continued)
- Data sanitization approaches in Java Benjamin Livshits (Jan 15)
  - Re: Data sanitization approaches in Java Jeff Williams (Jan 16)
    - Re: Data sanitization approaches in Java Stephen de Vries (Jan 19)
- Re: Proposal to anti-phishing Florian Weimer (Jan 16)
  - Re: Proposal to anti-phishing Rogan Dawes (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 23)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 24)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 24)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 24)