Lance James wrote:
The site asks for your user name and password, as well as the
token-generated key. If you visit the site and enter bogus information to
test whether the site is legit -- a tactic used by some security-savvy
people -- you might be fooled. That's because this site acts as the "man in
the middle" -- it submits data provided by the user to the actual
Citibusiness login site. If that data generates an error, so does the
phishing site, thus making it look more real.

So long as logins are registered and performed in a web page, rather than in the chrome, we are hosed.

Creating a login, and logging into it, has to be a browser and email client function, not a web page function.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to