[149707] in North American Network Operators' Group
Re: Dear RIPE: Please don't encourage phishing
daemon@ATHENA.MIT.EDU (John Levine)
Sun Feb 12 14:49:07 2012
Date: 12 Feb 2012 19:47:56 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.64.1202121919390.10731@a84-22-97-10.cb3rob.net>
In article <Pine.LNX.4.64.1202121919390.10731@a84-22-97-10.cb3rob.net> you write:
>btw, i'm quite sure that -banks- of all things have the resources to just
>take the transaction part for consumers -off their pcs- and simply send
>them a dedicated device with an ethernet port to do the transactions on.

More likely USB, but yes, a doozit with a small screen to display the
amount and recipient of a transaction and a verification code you type
in, and sufficient crypto to set up a secure channel back to the bank
would fix a lot of phishing.

I don't understand bank security at all. HSBC recently sent me a
Digipass 270 with a 12 button keyboard and a one-line display that is
apparently able to do signatures, but all they use it for is a PIN.
That's helpful against password theft, but not MITM.

R's,
John
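
Added example, not part of the original message and not the Digipass algorithm: a sketch of why a code bound to the displayed recipient and amount lets the bank detect a transaction altered in transit, while a PIN-style one-time code does not. The HMAC construction, key, counter, payee names and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

def _code(key: bytes, msg: bytes, digits: int = 8) -> str:
    """HOTP-style truncation of HMAC-SHA256 to a short code a user can type."""
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    off = mac[-1] & 0x0F
    num = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return str(num % 10**digits).zfill(digits)

def otp_code(key: bytes, counter: int) -> str:
    """PIN-only mode: the code depends on the counter alone."""
    return _code(key, counter.to_bytes(8, "big"))

def signing_code(key: bytes, counter: int, recipient: str, amount_cents: int) -> str:
    """Signing mode: the code also covers the recipient and amount on the display."""
    r = recipient.encode()
    # Length-prefix the recipient so field boundaries are unambiguous.
    msg = (counter.to_bytes(8, "big") + len(r).to_bytes(2, "big") + r
           + amount_cents.to_bytes(8, "big"))
    return _code(key, msg)

def bank_accepts_otp(key, counter, received_txn, code) -> bool:
    # The received transaction plays no part in the check.
    return hmac.compare_digest(code, otp_code(key, counter))

def bank_accepts_signed(key, counter, received_txn, code) -> bool:
    # The bank recomputes the code over the transaction it actually received.
    recipient, amount_cents = received_txn
    expected = signing_code(key, counter, recipient, amount_cents)
    return hmac.compare_digest(code, expected)

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample value
    counter = 41                                      # constructed sample value
    intended = ("ACME Utilities", 12000)  # what the user sees and approves
    altered = ("Unknown Payee", 950000)   # what reaches the bank after tampering
    user_otp = otp_code(key, counter)
    user_sig = signing_code(key, counter, *intended)
    return {
        "otp_altered": bank_accepts_otp(key, counter, altered, user_otp),
        "signed_altered": bank_accepts_signed(key, counter, altered, user_sig),
        "signed_intended": bank_accepts_signed(key, counter, intended, user_sig),
    }

if __name__ == "__main__":
    print(demo())
```
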