Dear RIPE: Please don't encourage phishing
johnl at iecc.com
Sun Feb 12 19:47:56 UTC 2012
In article <Pine.LNX.4.64.1202121919390.10731 at a84-22-97-10.cb3rob.net> you write:
>btw, i'm quite sure that -banks- of all things have the resources to just
>take the transaction part for consumers -off their pcs- and simply send
>them a dedicated device with an ethernet port to do the transactions on.
More likely USB, but yes, a doozit with a small screen to display the
amount and recipient of a transaction and a verification code you type
in, and sufficient crypto to set up a secure channel back to the bank
would fix a lot of phishing.
I don't understand bank security at all. HSBC recently sent me a
Digipass 270 with a 12 button keyboard and a one-line display that is
apparently able to do signatures, but all they use it for is a PIN.
That's helpful against password theft, but not MITM.
More information about the NANOG