WebApp Sec mailing list archives
Re: Proposal to anti-phishing
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 16 Jan 2005 21:42:06 +0100
* Frank Knobbe:
> On Fri, 2005-01-14 at 23:58 +0100, Florian Weimer wrote:
>>> The solution is based in a hardware token that is delivered to every customer.
>> It's acceptable neither to customers nor to banks. These days, zero-setup online banking is an absolute must.
> Perhaps that is true for regular consumer-grade banking clients. But for high dollar transaction processing, zero-setup online banking, which lacks any type of security controls, is not acceptable -- neither to the account owner nor the banks.
Of course, but these customers usually do not demand online banking (at least over here). Other services, like batch processing of transactions, are more important. Often, these procedures are not inherently more secure than online banking, they are just very, very different. But impersonating the bank in the real world is a bit more difficult, I think, at least for non-consumer transactions which involve real people.