[Clips] Banks Seek Better Online-Security Tools

[Ian G]

mis at seiden.com wrote:
> okay, i read this story from 7/2005 reporting an incident in 5/2005.  the short form of it is:

Not a bad summary.  I'd say that when one is
dealing with any such crime, there are always
unanswered questions, and issues of confusion
(probably as much for the attacker as the victim).

> even more off-topic:
> 	i'm surprised that the people on this list don't feel as if they have enough
> 	personal connections that at least they could figure out what happened to them
> 	as *some* financial institution.  doesn't anyone else ask, as a basis for imputing
> 	trust  "exactly who did that {protocol, architecture, code} review as a basis for 
> 	imputing trust?  maybe i'm delusional, but i give fidelity some residual credit 
> 	for having adam shostack there, even some years ago, and there are some firms
> 	i'd use because i've been there enough to see their level of care.

Well, even though phishing has been discussed
on this list for about 2 years, it is only in
the last 6 months or so that there has been a
wider acceptance in the subject.  I think your
specific question has been asked so many times
that people's eyes glaze over.

Only in the last few *weeks* did two of the browser
manufacturers acknowledge it publically.  So I
wouldn't expect too much from the banks, who have
to receive authoritive press, institution & regulatory
input before they will shift on matters of security.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com