Steven M. Bellovin wrote:
There's been a lot of discussion about how to strengthen cryptography
and authentication, to get away from problems of phishing, pharming,
etc. But such approaches can take you only so far, as this link
indicates:
http://www.lurhq.com/grams.html
Briefly, it's a Trojan that waits for you to log int o E-Gold, checks
your balance, and drains your account except for .004 grams of gold.
Steve, thanks. Not really much of surprise, is it? Clearly, a user who
lets malware onto his/her PC, e.g. a VBscript in this case, has lost
control and is open to such attacks.
But... crypto and authentication, imho, are the best tools to prevent
such malware from being installed. Yes, I know, this is far from the
current situation, with corrupted PCs (Zombies) being a very large
fraction (around a third?)...
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI:
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]