| |||||||||||||
|
| |||||||||||||
client-side certificateclient-side certificatePosted Feb 25, 2005 16:43 UTC (Fri) by giraffedata (subscriber, #1954)In reply to: New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine) by ekj Parent article: New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine) The first time you use the bank you have to download a client-side certificate. This is installed in the browser Does that mean you can't access your bank from another computer? If so, I'd switch banks if it were I. What you've described doesn't seem to solve the homograph problem, though. The fake bank site would accept the certificate.
(Log in to post comments)
client-side certificate Posted Feb 26, 2005 9:21 UTC (Sat) by Klavs (subscriber, #10563) [Link] >Does that mean you can't access your bank from another computer? If so, I'd >switch banks if it were I.
If you don't bring your client certificate on, say, a USB-token? This coincides with the good principal of "something you have". With all (AFAIK) banks in DK incl. Skandiabanken, you have to have something you know, and something you have. They are only lacking "something you are" ;) - much better than just something you know(ie. like a password).
>What you've described doesn't seem to solve the homograph problem, though. >The fake bank site would accept the certificate.
client-side certificate Posted Feb 26, 2005 18:27 UTC (Sat) by giraffedata (subscriber, #1954) [Link] Yes, I was confused. You're talking about a scheme to make the stealing of a password unproductive (because the password isn't useful by itself), rather than to prevent someone from being fooled into thinking he is talking to his bank when he is not. Improving on the security of the password is good, but for a whole bunch of other reasons, phishing itself needs to be dealt with too.
|
|
||||||||||||