Re: Crypto dongles to secure online transactions

2009-11-09 Thread Thorsten Holz

On 08.11.2009, at 01:07, John Levine wrote:


I've made it an entry in my blog at

http://weblog.johnlevine.com/Money/securetrans.html


Actually this type of problem is pretty common in Europe, most banks
have to deal with malware that threatens their customers. One of the
most advanced keyloggers out there is currently URLZone, which can
also perform MitM attacks and transparently re-routes money transfers,
defeating iTAN (index transaction number) systems (see
http://www.finjan.com/MCRCblog.aspx?EntryId=2345).


There are several approaches to stop (or at least make it more
difficult) this attack vector. A prototype of a system that implements
the techniques described in your blog posting was presented by IBM
Zurich about a year ago, see
http://www-03.ibm.com/press/us/en/pressrelease/25828.wss for details.
Other manufacturers implemented similar approaches, where some kind of
trusted device is attached to the machine and also the banking card of
the customer is used to verify transactions.


Regards,
  Thorsten

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com


Re: password safes for mac

2009-06-28 Thread Thorsten Holz

On 28.06.2009, at 20:34, Perry E. Metzger wrote:

The fact that it isn't open source worries me a bit -- it means I can't
verify that it does things correctly. Also, it integrates heavily with
lots of things, which makes me further worry about bugs. I'm looking for
something very simple if possible.


KeePassX (http://www.keepassx.org/) might then be the right tool for
you. Simple, non-intrusive password manager, everything is open-source,
and it is even cross-platform.


Cheers,
  Thorsten
