[ISN] Web Banking Undergoing Security Upgrade

InfoSec News isn at c4i.org
Tue Nov 1 01:07:51 EST 2005


Forwarded from: *Hobbit* <hobbit at avian.org> 

If the consumer's machine is already compromised by successful
phishing, how does checking a source IP address or requiring a token
help in the slightest?  The transaction is still at risk and the
details are still leaking out.  A transaction relayed through the
compromised machine is still going to originate from the same network
space.

This is nuts.  The only way to deal with this, aside from the human
problem, is to begin with a platform that doesn't provide such a rich
environment for worms and spyware to reside.

_H*






More information about the ISN mailing list