WebApp Sec mailing list archives

Re: Proposal to anti-phishing

From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 14 Jan 2005 23:58:21 +0100

* Rafael San Miguel:

The solution is based in a hardware token that is
delivered to every customer. This token includes the
true certificate that should be presented by the bank
when a customer access his/her account, and a program
that checks if the certificate presented by the
webpage is consistent with the first one. The program
is in read-only memory so that it can't be modified by
anything external to it.


It's acceptable neither to customers nor to banks.  These days,
zero-setup online banking is an absolute must.

Current thread:

RE: Proposal to anti-phishing, (continued)
- - RE: Proposal to anti-phishing Lyal Collins (Jan 16)
    - Re: Proposal to anti-phishing Moksha Faced (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 19)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 19)
  - Re: Proposal to anti-phishing Rob Skedgell (Jan 19)
    - Re: Proposal to anti-phishing Cory Foy (Jan 23)
- Data sanitization approaches in Java Benjamin Livshits (Jan 15)
  - Re: Data sanitization approaches in Java Jeff Williams (Jan 16)
    - Re: Data sanitization approaches in Java Stephen de Vries (Jan 19)
- Re: Proposal to anti-phishing Florian Weimer (Jan 16)
  - Re: Proposal to anti-phishing Rogan Dawes (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 23)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 24)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 24)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 24)
    - Re: Proposal to anti-phishing Griffiths, Ian (Jan 24)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 24)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 24)
    - RE: Proposal to anti-phishing lists (Jan 24)
    - Re: Proposal to anti-phishing Kurt Seifried (Jan 24)

(Thread continues...)