[19128] in cryptography@c2.net mail archive
Re: [Clips] Banks Seek Better Online-Security Tools
daemon@ATHENA.MIT.EDU (Nicholas Bohm)
Tue Dec 6 12:09:47 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 06 Dec 2005 11:02:44 +0000
From: Nicholas Bohm <nbohm@ernest.net>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: cryptography@metzdowd.com
In-Reply-To: <87u0dn8jxi.fsf@mid.deneb.enyo.de>
Florian Weimer wrote:
> * Nicholas Bohm:
>
>
>>dan@geer.org wrote:
>>
>>>You know, I'd wonder how many people on this
>>>list use or have used online banking.
>>>
>>>To start the ball rolling, I have not and won't.
>>>
>>>--dan
>>
>>I do.
>>
>>My bank provides an RSA SecureId, so I feel reasonably safe against
>>anyone other than the bank.
>
>
> But it's just a token measure. You should be afraid of your own
> computer, your own network. SecureID does not authenticate the server
> you're going to send your data to. It does not detect if your
> computer is compromised.
>
> Sure, right now, it might help you personally, but once these simple
> tokens gain market share, attackers will adjust. It's not a general
> solution.
I accept all that.
I hope, not too confidently, that before the attackers adjust enough,
banks will start giving their customers FINREAD type
secure-signature-creation devices of decent provenance whose security
does not rely on non-compromise of my PC or network.
Nicholas Bohm
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 020 7788 2198 (+44 20 7788 2198)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
