In article <[email protected]> you write:
>btw, i'm quite sure that -banks- of all things have the resources to just
>take the transaction part for consumers -off their pcs- and simply send
>them a dedicated device with an ethernet port to do the transactions on.

More likely USB, but yes, a doozit with a small screen to display the amount and recipient of a transaction and a verification code you type in, and sufficient crypto to set up a secure channel back to the bank would fix a lot of phishing.

I don't understand bank security at all. HSBC recently sent me a Digipass 270 with a 12 button keyboard and a one-line display that is apparently able to do signatures, but all they use it for is a PIN. That's helpful against password theft, but not MITM.

R's,
John
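
The difference the message draws between a device used only for a PIN and one that signs the displayed transaction, as an added example that is not part of the original post and does not describe how the Digipass 270 or any bank computes its codes. It assumes an HMAC-SHA-256 code with RFC 4226-style truncation; the key, account strings, counter and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real device key is provisioned by the bank.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

def _truncate(mac: bytes, digits: int = 8) -> str:
    """RFC 4226 dynamic truncation of an HMAC to a short typed code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login_code(key: bytes, counter: int) -> str:
    """Counter-only code: proves the device is present, nothing more."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return _truncate(mac)

def transaction_code(key: bytes, counter: int, recipient: str, cents: int) -> str:
    """Code computed over the recipient and amount the device displayed."""
    rcpt = recipient.encode()
    # Length-prefix the recipient so field boundaries are unambiguous.
    msg = struct.pack(">QQH", counter, cents, len(rcpt)) + rcpt
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())

def bank_accepts_login_code(key, counter, code, recipient, cents) -> bool:
    # The transaction fields play no part in this check.
    return hmac.compare_digest(login_code(key, counter), code)

def bank_accepts_transaction_code(key, counter, code, recipient, cents) -> bool:
    expected = transaction_code(key, counter, recipient, cents)
    return hmac.compare_digest(expected, code)

def demo() -> dict:
    shown = ("CONSTRUCTED-ACCT-0001", 12_500)     # what the user approved
    altered = ("CONSTRUCTED-ACCT-9999", 950_000)  # changed between PC and bank
    pin = login_code(DEVICE_KEY, 7)
    sig = transaction_code(DEVICE_KEY, 7, *shown)
    return {
        "login code, as shown": bank_accepts_login_code(DEVICE_KEY, 7, pin, *shown),
        "login code, altered": bank_accepts_login_code(DEVICE_KEY, 7, pin, *altered),
        "txn code, as shown": bank_accepts_transaction_code(DEVICE_KEY, 7, sig, *shown),
        "txn code, altered": bank_accepts_transaction_code(DEVICE_KEY, 7, sig, *altered),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The counter-only code verifies no matter which recipient and amount reach the bank, while the transaction-bound code fails verification as soon as either field differs from what the device displayed.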

