>Another point before I forget: I don't know about you, but where I >live, we have special hardware devices with SIM cards that will >generate a key for us to get into our e-banking sites, based on a >random generated code. The hardware device must be unlocked with a PIN >first, then a random generat ed number from a login website must be put >into the device to get a final code.
Such hardware devices are still vulnerable to fishing attacks; by modifying the transactions as they are approved, attackers can piggy-back rogue transactions on top of authorized transactions (this is what happened recently to a Dutch bank) For now, these attacks are all Windows based as a considerable amount of software needs to be installed on the raget system and writing it for the most common platform is easiest. Casper _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org