[e-gold-list] Re: via digg: Citibank Phish Spoofs 2-Factor Authentication

James A. Donald jamesd at echeque.com
Thu Jul 13 19:32:17 MDT 2006


     --
James A. Donald:
 >> Creating a login, and logging into it, has to be a
 >> browser and email client function, not a web page
 >> function.

Viking Coder wrote:
 > Is that what "in the chrome" means - an integrated
 > part of the browser, i.e. some sort of X.509 digital
 > certificate setup?
 >
 > How would that change anything? Phishers would still
 > lead people down the garden path. It is not the
 > computer that is being "hacked".

If the login is in the chrome, we can deploy zero
knowledge methods such as SPF, which will have the
effect that if the user logs in to a fake site, the fake
site will not get the password.

 > There is *no* amount of provider-based, or
 > interface-based, security that will prevent the human
 > from doing something stupid.

Trouble is, there is nothing stupid about logging into a
site that looks exactly like the site you are used to
logging into.

We cannot prevent people from doing something stupid -
but we can protect against most of the attacks that are
used today, which do not rely on stupidity, but on
sporadic and minor relaxations of vigilance.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      H20WTt5p17Z8Od1XPfkV9aTMbL+vYoJD9D4btp/E
      4IqhKQTsx2ft3CjTBo9pqMhIYPEXGeAPqtjLmnaQ6
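
Added example, not part of the original message: a sketch of a login in which the password is never sent to the site, so a fake site that lacks the enrolled verifier receives only values that do not contain the password and cannot complete the exchange. SRP-6a is used as the protocol here as an assumption (the message does not spell one out); the toy group and the names enroll, Site and login are hypothetical.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): real deployments use a large
# standardised safe-prime group; this one offers no security.
N, g = 2**127 - 1, 3

def H(*parts):
    """Hash a tuple of values to an integer, length-prefixing each part."""
    h = hashlib.sha256()
    for p in parts:
        b = str(p).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)

def enroll(user, password):
    """Run once with the genuine site, which stores (salt, v), not the password."""
    salt = secrets.randbits(64)
    return salt, pow(g, H(salt, user, password), N)

class Site:
    """Server side. A phishing site is a Site that lacks the real verifier v."""
    def __init__(self, salt, v):
        self.salt, self.v = salt, v
    def challenge(self, A):
        self.A, self.b = A, secrets.randbits(256)
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.salt, self.B
    def prove(self, M1):
        S = pow(self.A * pow(self.v, H(self.A, self.B), N), self.b, N)
        K = H(S)
        ok = self.A % N != 0 and M1 == H(self.A, self.B, K)
        return H(self.A, M1, K) if ok else None

def login(user, password, site):
    """Browser-side login: returns (site_proved_itself, values_sent_to_site)."""
    a = secrets.randbits(256)
    A = pow(g, a, N)
    salt, B = site.challenge(A)
    if B % N == 0:                      # malformed challenge: abort
        return False, [A]
    u, x = H(A, B), H(salt, user, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = H(S)
    M1 = H(A, B, K)
    return site.prove(M1) == H(A, M1, K), [A, M1]
```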

