Dear RIPE: Please don't encourage phishing

John Levine johnl at iecc.com
Sun Feb 12 19:47:56 UTC 2012


In article <Pine.LNX.4.64.1202121919390.10731 at a84-22-97-10.cb3rob.net> you write:
>btw, i'm quite sure that -banks- of all things have the resources to just 
>take the transaction part for consumers -off their pcs- and simply send 
>them a dedicated device with an ethernet port to do the transactions on.

More likely USB, but yes, a doozit with a small screen to display the
amount and recipient of a transaction and a verification code you type
in, and sufficient crypto to set up a secure channel back to the bank
would fix a lot of phishing.

I don't understand bank security at all.  HSBC recently sent me a
Digipass 270 with a 12 button keyboard and a one-line display that is
apparently able to do signatures, but all they use it for is a PIN.
That's helpful against password theft, but not MITM.

R's,
John




More information about the NANOG mailing list