...At 11:26 PM -0500 8/14/04, Bruce Schneier wrote:
Websites, Passwords, and Consumers
Criminals follow the money. Today, more and more money is on the Internet. Millions of people manage their bank accounts, PayPal
...though the security problem has nothing to do with the bank,
The banks have nothing to do with it? Banks are often acting
irresponsibly and making it easier for phishers to lure their customers,
by...
1. not protecting the login pages using SSL/TLS, e.g. www.chase.com
(more examples here: http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing_files/image005.gif)
2. not using meaningful, consistent domain names (one of the following is spoofed: http://tdwaterhouse.ip02.com, http://citibank-verify.4t.com)
3. not giving correct advice to customers (too many examples...)
4. not using signed e-mail to send their messages...
... and more...
--
Best regards,
Amir Herzberg Associate Professor, Computer Science Dept., Bar Ilan University http://amirherzberg.com (information and lectures in cryptography & security) Mirror site: http://www.mfn.org/~herzbea/
begin:vcard fn:Amir Herzberg n:Herzberg;Amir org:Bar Ilan University;Computer Science adr:;;;Ramat Gan ;;52900;Israel email;internet:[EMAIL PROTECTED] title:Associate Professor tel;work:+972-3-531-8863 tel;fax:+972-3-531-8863 x-mozilla-html:FALSE url:http://AmirHerzberg.com , mirror: http://www.mfn.org/~herzbea/ version:2.1 end:vcard
