funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The end of Phishing in sight?

From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 18 Oct 2005 14:32:48 -0700
Richard M. Smith wrote:

I agree that a USB dongle is probably the best choice for a two-factor
authentication scheme.  However, a USB dongle is still attackable via
spyware.  A spyware program can inject JavaScript code in banking Web pages
to steal money after a victim has logged into their account.  Perhaps IE
needs to turn off DOM access by external programs, BHOs, and toolbars for
https: Web pages.
A sufficiently 0wned computer cannot be trusted in any way. It can completely control your view of the Internet. I don't believe there's any defense for this situation. The moment the rightful owner of the compromised computer decides to do some online banking, the attacker wins. 

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: