On Tue, Nov 03, 2015 at 08:27:42AM +0000, Joe wrote: > On Mon, 2 Nov 2015 22:53:03 +0000 > Brian <a...@cityscape.co.uk> wrote: > > > > > > An attacker must inject a payload into a web page that the user > > visits. When the page loads in the user’s browser the attacker’s > > payload will be executed. A user would likely have no knowledge of > > this, irrespective of whatever browser or user-agent string is being > > used. > > > > Without the payload (which the bank's site has delivered) the security > > of the browser is not compromised. If a password were to be obtained > > the bank is complicit in the action. I expect they would take > > responsibilty for this. > > > > > You were going fine until the last sentence...
Umm, no, look up the meaning of the word 'expect'. -- "If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing." --- Malcolm X
