[Clips] RSA Security Sees Hope in Online Fraud

[Florian Weimer]

* R. A. Hettinga quotes:

>  Today RSA is perhaps best known for staging a prestigious annual security
>  conference and for selling 20 million little devices that display a
>  six-digit code computer users must type to gain access to computer
>  networks. The code, which changes every minute as determined by an
>  RSA-created algorithm, is unique to each "SecureID" token, making it
>  useless to a snoop.

Of course, SecureID tokens do not prevent man-in-the-middle attacks
carried out in real-time.  For example, it's probably not too hard to
write a Browser Helper Object which automatically rewrites financial
transactions submitted using Internet Explorer.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com