[EMAIL PROTECTED] wrote:
okay, i read this story from 7/2005 reporting an incident in 5/2005. the short form of it is:
Not a bad summary. I'd say that when one is dealing with any such crime, there are always unanswered questions, and issues of confusion (probably as much for the attacker as the victim).
even more off-topic: i'm surprised that the people on this list don't feel as if they have enough personal connections that at least they could figure out what happened to them as *some* financial institution. doesn't anyone else ask, as a basis for imputingtrust "exactly who did that {protocol, architecture, code} review as a basis for imputing trust? maybe i'm delusional, but i give fidelity some residual credit for having adam shostack there, even some years ago, and there are some firmsi'd use because i've been there enough to see their level of care.
Well, even though phishing has been discussed on this list for about 2 years, it is only in the last 6 months or so that there has been a wider acceptance in the subject. I think your specific question has been asked so many times that people's eyes glaze over. Only in the last few *weeks* did two of the browser manufacturers acknowledge it publically. So I wouldn't expect too much from the banks, who have to receive authoritive press, institution & regulatory input before they will shift on matters of security. iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
