funsec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: The end of Phishing in sight?

From: Jeff Rosowski <rosowskij () ie ymp gov>
Date: Tue, 18 Oct 2005 15:42:14 -0700 (PDT)
I agree that a USB dongle is probably the best choice for a two-factor
authentication scheme.  However, a USB dongle is still attackable via
spyware.  A spyware program can inject JavaScript code in banking Web pages
to steal money after a victim has logged into their account.  Perhaps IE
needs to turn off DOM access by external programs, BHOs, and toolbars for
https: Web pages.
I think the best solution is a two person authorization on all transactions, similar to what they do in norad and the nuke silos. If you don't have a person you explicitly trust enough, that leads well into a good use for human cloning. :P 
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: