> If the authentication only happens at login and all > transactions > entered are covered by the login, then it's even > easier to > send rogue transactions. > > Once your browser or local system is compromised, you > lose all control over the > data send to the bank and what data is displayed by > your browser.
Since this is Solaris, how would you compromise a browser? Executables wouldn't work, Mozilla would want to save them to disk. You could look at cookies and hope that the bank in question was dumb enough to give you extensive hardware authentication, but drop cookies in your browser cache that somebody else could read and use for something. That's lots of hoping, but still no sufficient amount of data to start doing rogue transactions. Although, I see where you're going with this. I can see cookies being an attack vector. And I have a few additional ideas. Still, these scenarios are far removed from the original question, which tries to deal with PC viruses on a non-PC OS. This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
