On 2013-01-08 11:20 PM, ianG wrote:
> That took me to some random thing like internationalmoney.com. I
> phoned up the bank to complain and check ... the guy looked at the
> page and said, "sure, that's it!" Reading from the same webpage. I
> said "you are training your users to be phished" and he didn't even
> get flustered.
>
> Whatever this domain was, I did the traceroute and whois and found
> that the whole thing was a totally independent outsourced organisation
> outside CBA's country. As it turns out, it was outsourced to HP's
> cloud operation in California.
>
> On the same day, I read an article in the major newspaper from the IT
> director of the bank saying they would never ever outsource customers'
> data outside the bank.
>
> So. Totally hopeless. A recipe for disaster.

Human memorable names only work when the number of things to have proper
names is similar to the number of humans in a group in the ancestral
environment.

That suffices if one is accessing the named entity through an interface
that brings you to entities that correspond to the limited number of
names that you know, which is to say, identifying by name works for
petnames, but not for global names.

Thus PKI fails, because it assumes you know the global name. Inevitably,
however, links on the website bring you to names that are
company-centric, rather than egocentric, bring you to entities that are
petnames in relation to the company, not petnames in relation to you.
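
An added illustration of the petname lookup discussed in the message above (not part of either poster's text): the user's own label is bound to a key fingerprint, and the name a site presents is treated only as an unverified claim. The class, the key bytes and the `.example` hostnames are constructed for this example.

```python
import hashlib


class PetnameStore:
    """One user's private mapping from key fingerprints to names they chose."""

    def __init__(self):
        self._by_fingerprint = {}

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def bind(self, petname: str, public_key: bytes) -> None:
        """Record the user's own name for a key they have decided to trust."""
        fp = self.fingerprint(public_key)
        existing = self._by_fingerprint.get(fp)
        if existing is not None and existing != petname:
            raise ValueError(f"key already known as {existing!r}")
        if existing is None and petname in self._by_fingerprint.values():
            raise ValueError(f"petname {petname!r} already names another key")
        self._by_fingerprint[fp] = petname

    def label(self, claimed_name: str, public_key: bytes) -> str:
        """Text the UI should display; claimed_name is never used as identity."""
        petname = self._by_fingerprint.get(self.fingerprint(public_key))
        if petname is None:
            return f"UNKNOWN (claims to be {claimed_name})"
        return petname


# Constructed sample keys; real code would use the peer's actual public key.
BANK_KEY = b"constructed-key-bytes-for-the-bank"
THIRD_PARTY_KEY = b"constructed-key-bytes-for-a-third-party"


def demo():
    store = PetnameStore()
    store.bind("my bank", BANK_KEY)
    return [
        store.label("bank.example", BANK_KEY),          # known key, usual name
        store.label("payments.example", BANK_KEY),      # known key, new global name
        store.label("bank.example", THIRD_PARTY_KEY),   # familiar name, unknown key
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```
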