[clug] New script based Phishing makes Windows even less safe.
Alex Satrapa
grail at goldweb.com.au
Wed Nov 10 22:04:07 GMT 2004
On 10 Nov 2004, at 22:17, Sam Couter wrote:
> I think they've demonstrated a complete lack of caring. The problem is
> *very* easily solved with a tiny, inexpensive device that fits inside a
> wallet or purse.
The hard part is the authentication at the server end - it's not just a
plug-and-play solution at this point in time. Things are especially
confused when the FI is running their website on a Windows box - you
don't want to run software on a Windows box unless you are absolutely
sure it's not going to crash Microsoft Windows.
> ... I think the "don't care" hypothesis is a natural
> conclusion.
From what I could see, the cost of running the key system (ignoring the
cost of the administrator behind it) is going to be in the order of $20
per customer per year, I would expect the installation cost to be in
the order of $20k, including time required to rewrite the login page.
So unless the FI is regularly losing that much money due to people
giving away their passwords, it's not profitable to use a token system.
Then there are the costs of tracking bugs in the system, now that there
is a new piece of software installed on the Microsoft Windows server.
Alex
"If knowledge can create problems, it is not through ignorance that we
can solve them." --Isaac Asimov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 220 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/linux/attachments/20041111/f38b8a61/PGP.bin
More information about the linux
mailing list