[clug] New script based Phishing makes Windows even less safe.

Alex Satrapa grail at goldweb.com.au
Wed Nov 10 22:04:07 GMT 2004

On 10 Nov 2004, at 22:17, Sam Couter wrote:

> I think they've demonstrated a complete lack of caring. The problem is
> *very* easily solved with a tiny, inexpensive device that fits inside a
> wallet or purse.

The hard part is the authentication at the server end - it's not just a 
plug-and-play solution at this point in time. Things are especially 
confused when the FI is running their website on a Windows box - you 
don't want to run software on a Windows box unless you are absolutely 
sure it's not going to crash Microsoft Windows.

> ... I think the "don't care" hypothesis is a natural
> conclusion.

 From what I could see, the cost of running the key system (ignoring the 
cost of the administrator behind it) is going to be in the order of $20 
per customer per year, I would expect the installation cost to be in 
the order of $20k, including time required to rewrite the login page. 
So unless the FI is regularly losing that much money due to people 
giving away their passwords, it's not profitable to use a token system.

Then there are the costs of tracking bugs in the system, now that there 
is a new piece of software installed on the Microsoft Windows server.


"If knowledge can create problems, it is not through ignorance that we 
can solve them."  --Isaac Asimov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 220 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/linux/attachments/20041111/f38b8a61/PGP.bin

More information about the linux mailing list