Re: Status of SRP

2006-06-02 Thread Anne & Lynn Wheeler
Florian Weimer wrote: If you've deployed two-factor authentication (like German banks did in the late 80s/early 90s), the relevant attacks do involve compromised customer PCs. 8-( Just because you can't solve it with your technology doesn't mean you can pretend the attacks don't happen. EU finr

Re: Status of SRP

2006-06-02 Thread Travis H.
On 5/30/06, Derek Atkins <[EMAIL PROTECTED]> wrote: Quoting "James A. Donald" <[EMAIL PROTECTED]>: > The obvious solution to the phishing crisis is the widespread > deployment of SRP, but this does not seem to be happening. SASL-SRP was > recently dropped. What is the problem? Patents. Seconded

Re: Status of opportunistic encryption

2006-06-02 Thread James A. Donald
-- James A. Donald: > > My understanding is that SSH when using GSS KEX does > > not cache the keys, which strikes me as an amazingly > > stupid idea, Victor Duchovni > No, that's the whole point. What works for the > individual administering 10 machines, does not scale > to organizations with

Re: Status of SRP

2006-06-02 Thread James A. Donald
-- Ka-Ping Yee wrote: > Passpet's strategy is to customize a button that you > click. We are used to recognizing toolbar buttons by > their appearance, so it seems plausible that if the > button has a custom per-user icon, users are unlikely > to click on a spoofed button with the wrong icon.

Re: Status of SRP

2006-06-02 Thread Ka-Ping Yee
On Thu, 1 Jun 2006, Florian Weimer wrote: > > That is an all purpose argument that is deployed > > selectively against some measures and not others. > > If you've deployed two-factor authentication (like German banks did in > the late 80s/early 90s), the relevant attacks do involve compromised > cu

Trusted path (was: status of SRP)

2006-06-02 Thread Ka-Ping Yee
On Thu, 1 Jun 2006, James A. Donald wrote: > Florian Weimer wrote: > > There is no way to force an end user to enter a > > password only over SRP. > > Phishing relies on the login page looking familiar. If > SRP is in the browser chrome, and looks strikingly > different from any web page, the lo

Re: Status of SRP

2006-06-02 Thread Lance James
Here's where SRP fails: 1) SSL is built into the browser - doesn't stop phishers 2) Chrome or no chrome good luck getting it in there and having every user understand it. 3) Traditional phishing works, but if you force them to change, the malware propagation will only be higher than it is now, and

Re: Status of opportunistic encryption

2006-06-02 Thread kent crispin
On Thu, Jun 01, 2006 at 01:47:06PM +1200, Peter Gutmann wrote: > Grab OpenVPN (which is what OpenSWAN should be), install, point it at the > target system, and you have opportunistic encryption. Forgive my doltishness, but could you expand on that just a bit, please (or point at the right place in

Re: Status of SRP

2006-06-02 Thread Jeffrey Altman
James A. Donald wrote: > The obvious solution to the phishing crisis is the widespread deployment > of SRP, but this does not seem to be happening. SASL-SRP was recently > dropped. What is the problem? Unfortunately, SRP is not the solution to the phishing problem. The phishing problem is made up o