[15919] in cryptography@c2.net mail archive
Re: Websites, Passwords, and Consumers (Re: CRYPTO-GRAM, August 15,2004)
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Mon Aug 16 15:10:26 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 16 Aug 2004 16:50:10 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
To: "'Cryptography'" <cryptography@metzdowd.com>
In-Reply-To: <p06110491bd44f8cabf1a@[66.149.49.5]>
This is a multi-part message in MIME format.
--------------060805070204000301070401
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
R. A. Hettinga wrote:
> At 11:26 PM -0500 8/14/04, Bruce Schneier wrote:
>
>> Websites, Passwords, and Consumers
>>
>>Criminals follow the money. Today, more and more money is on the
>>Internet. Millions of people manage their bank accounts, PayPal
...
>>though the security problem has nothing to do with the bank,
...
The banks have nothing to do with it? Banks are often acting
irresponsibly and making it easier for phishers to lure their customers,
by...
1. not protecting the login pages using SSL/TLS, e.g. www.chase.com
(more examples here:
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing_files/image005.gif)
2. not using meaningful, consistent domain names (one of the following
is spoofed: http://tdwaterhouse.ip02.com, http://citibank-verify.4t.com)
3. not giving correct advice to customers (too many examples...)
4. not using signed e-mail to send their messages...
... and more...
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
Mirror site: http://www.mfn.org/~herzbea/
--------------060805070204000301070401
Content-Type: text/x-vcard; charset=utf-8;
name="herzbea.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="herzbea.vcf"
begin:vcard
fn:Amir Herzberg
n:Herzberg;Amir
org:Bar Ilan University;Computer Science
adr:;;;Ramat Gan ;;52900;Israel
email;internet:herzbea@cs.biu.ac.il
title:Associate Professor
tel;work:+972-3-531-8863
tel;fax:+972-3-531-8863
x-mozilla-html:FALSE
url:http://AmirHerzberg.com , mirror: http://www.mfn.org/~herzbea/
version:2.1
end:vcard
--------------060805070204000301070401--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
