Websites, Passwords, and Consumers (Re: CRYPTO-GRAM, August 15,2004)

[Amir Herzberg]

R. A. Hettinga wrote:
> At 11:26 PM -0500 8/14/04, Bruce Schneier wrote:
> 
>>      Websites, Passwords, and Consumers
>>
>>Criminals follow the money.  Today, more and more money is on the
>>Internet.  Millions of people manage their bank accounts, PayPal
...
>>though the security problem has nothing to do with the bank, 
...
The banks have nothing to do with it? Banks are often acting
irresponsibly and making it easier for phishers to lure their customers,
by...
1. not protecting the login pages using SSL/TLS, e.g. www.chase.com
(more examples here: 
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing_files/image005.gif)
2. not using meaningful, consistent domain names (one of the following 
is spoofed: http://tdwaterhouse.ip02.com, http://citibank-verify.4t.com)
3. not giving correct advice to customers (too many examples...)
4. not using signed e-mail to send their messages...
... and more...
-- 
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
Mirror site: http://www.mfn.org/~herzbea/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: herzbea.vcf
Type: text/x-vcard
Size: 343 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20040816/a8c38281/attachment.vcf>