Forwarded from: *Hobbit* <hobbit@private> If the consumer's machine is already compromised by successful phishing, how does checking a source IP address or requiring a token help in the slightest? The transaction is still at risk and the details are still leaking out. A transaction relayed through the compromised machine is still going to originate from the same network space. This is nuts. The only way to deal with this, aside from the human problem, is to begin with a platform that doesn't provide such a rich environment for worms and spyware to reside. _H* _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Oct 31 2005 - 22:34:11 PST