Re: [ISN] Web Banking Undergoing Security Upgrade

From: InfoSec News (isn@private)
Date: Mon Oct 31 2005 - 22:07:51 PST


Forwarded from: *Hobbit* <hobbit@private> 

If the consumer's machine is already compromised by successful
phishing, how does checking a source IP address or requiring a token
help in the slightest?  The transaction is still at risk and the
details are still leaking out.  A transaction relayed through the
compromised machine is still going to originate from the same network
space.

This is nuts.  The only way to deal with this, aside from the human
problem, is to begin with a platform that doesn't provide such a rich
environment for worms and spyware to reside.

_H*




_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Mon Oct 31 2005 - 22:34:11 PST