>> Such hardware devices are still vulnerable to phishing attacks; by
>> modifying the transactions as they are approved, attackers can piggy-back
>> rogue transactions on top of authorized transactions
>Considering such devices (at least mine) are only used at login time,
>it would be extremely difficult, if not impossible to "piggy back" off
>of it. Because to get in the next time around, you'd need one of those
>again, and all the codes would have changed. As soon as one logs in,
>the codes are invalidated to begin with.

If the authentication only happens at login and all transactions entered
are covered by the login, then it's even easier to send rogue transactions.

Once your browser or local system is compromised, you lose all control over
the data sent to the bank and what data is displayed by your browser.

Casper
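The following is an added illustration of the message above, not part of the original e-mail: a toy bank model showing that one-time login codes stop replay but leave every later transaction unauthenticated. The `Bank` class, the key, the account names and the transaction-bound code variant are all constructed assumptions; the thread itself does not discuss binding codes to transaction details.

```python
import hashlib
import hmac

DEVICE_KEY = b"constructed-demo-key"  # constructed; shared by token and bank

def token_code(message: bytes) -> str:
    """Code the hardware token shows for `message` (truncated HMAC-SHA256)."""
    return hmac.new(DEVICE_KEY, message, hashlib.sha256).hexdigest()[:8]

class Bank:
    def __init__(self):
        self.sessions = set()
        self.used_codes = set()

    def login(self, session_id, counter, code):
        # One-time login code: accepted once, then invalidated.
        ok = hmac.compare_digest(code, token_code(b"login:%d" % counter))
        if ok and code not in self.used_codes:
            self.used_codes.add(code)
            self.sessions.add(session_id)
            return True
        return False

    def transfer_login_only(self, session_id, payee, amount):
        # Model from the thread: the login covers every later transaction.
        return session_id in self.sessions

    def transfer_bound(self, session_id, payee, amount, code):
        # Assumed alternative: the code is computed over payee and amount.
        msg = f"tx:{payee}:{amount}".encode()
        return session_id in self.sessions and hmac.compare_digest(code, token_code(msg))

def compromised_client(payee, amount):
    """Constructed stand-in for a tampered browser: rewrites what is sent."""
    return "ROGUE-ACCOUNT", amount * 10

def run_demo():
    bank = Bank()
    assert bank.login("s1", 1, token_code(b"login:1"))
    replay = bank.login("s2", 1, token_code(b"login:1"))  # stale code refused
    # The user intends to pay ALICE 100 and checks those details on the token.
    approved = token_code(b"tx:ALICE:100")
    payee, amount = compromised_client("ALICE", 100)
    return {
        "replay_accepted": replay,
        "login_only_rogue_accepted": bank.transfer_login_only("s1", payee, amount),
        "bound_rogue_accepted": bank.transfer_bound("s1", payee, amount, approved),
        "bound_genuine_accepted": bank.transfer_bound("s1", "ALICE", 100, approved),
    }

if __name__ == "__main__":
    print(run_demo())
```

The bound variant only helps if the user reads the payee and amount on the token itself; if those details come from the compromised browser, the user approves whatever the tampered client submits.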
