[17776] in cryptography@c2.net mail archive


Re: the limits of crypto and authentication

daemon@ATHENA.MIT.EDU (Amir Herzberg)
Mon Jul 11 13:33:11 2005

X-Original-To: cryptography@metzdowd.com
Date: Sun, 10 Jul 2005 12:02:21 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
Reply-To: herzbea@macs.biu.ac.il
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com, anti-fraud@lists.cacert.org
In-Reply-To: <20050708190647.374493BFE55@berkshire.machshav.com>

Steven M. Bellovin wrote:
> There's been a lot of discussion about how to strengthen cryptography 
> and authentication, to get away from problems of phishing, pharming, 
> etc.  But such approaches can take you only so far, as this link 
> indicates:
> 
> http://www.lurhq.com/grams.html
> 
> Briefly, it's a Trojan that waits for you to log into E-Gold, checks 
> your balance, and drains your account except for .004 grams of gold.

Steve, thanks. Not really much of a surprise, is it? Clearly, a user who 
lets malware onto his/her PC, e.g. a VBscript in this case, has lost 
control and is open to such attacks.

But... crypto and authentication, imho, are the best tools to prevent 
such malware from being installed. Yes, I know, this is far from the 
current situation, with corrupted PCs (Zombies) being a very large 
fraction (around a third?)...
-- 
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame
