btw, i'm quite sure that -banks- of all things have the resources to just
take the transaction part for consumers -off their pcs- and simply send
them a dedicated device with an ethernet port to do the transactions on.
the same way they do in shops.
no more bothering with "omg what if they click a link, get phished and end
up in the transaction interface", as there simply won't be a web based
transaction interface.
guess the "it's not allowed to cost anything" mentality of banks towards
the internet is mostly gone (About time too ;) so they could consider
other options besides "using the hardware that's already there and owned
by the customer (and full of viruses and spyware ;)"
--
Greetings,
Sven Olaf Kamphuis,
CB3ROB Ltd. & Co. KG
On Sun, 12 Feb 2012, Rich Kulawiec wrote:
> On Sun, Feb 12, 2012 at 04:44:13AM -0500, Vinny Abello wrote:
>> All recent email clients I've come across give you anti-phishing
>> warnings in one way or another if the URL does not match the actual link.
>
> Which is great, but doesn't help you if the URL and the link are:
>
> http://firstnationalbank.example.com
>
> because a significant number of users will only see "firstnationalbank"
> and ".com".
>
> That's why I recommend that banks et al. don't put *any* URLs in their
> messages. If they make this an explicit policy and pound it into the
> heads of their customers that ANY message containing a URL is not from
> them, and that they should always use their bookmarks to get to the
> bank's site, then they're training their customers to be phish-resistant.
>
> ---rsk
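
The limit described in the quoted exchange, as an added example that is not part of the original thread: a mail-filter check that compares each link's visible text with its href (the client warning mentioned above) says nothing about `http://firstnationalbank.example.com`, where both match, while an allowlist check on the href host does. The allowlist domain `firstnationalbank.example`, the function names and the sample bodies are constructed for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain (constructed, reserved .example TLD).
ALLOWED_DOMAINS = {"firstnationalbank.example"}

def host_of(text):
    """Hostname if text is an http(s) URL, else None."""
    try:
        parts = urlsplit(text.strip())
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None

def is_allowed(host):
    """True only for an allowed domain or a subdomain of one (suffix on a dot boundary)."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit(html):
    """Per link: (href host, text/href host mismatch, href host off the allowlist)."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, shown = host_of(href), host_of(text)
        mismatch = shown is not None and shown != host
        findings.append((host, mismatch, host is None or not is_allowed(host)))
    return findings

# Constructed sample message bodies.
SAMPLES = [
    '<a href="http://mail.example.net/login">http://www.firstnationalbank.example/</a>',
    '<a href="http://firstnationalbank.example.com">http://firstnationalbank.example.com</a>',
    '<a href="https://www.firstnationalbank.example/">https://www.firstnationalbank.example/</a>',
]
```

The second sample is the case from the thread: the mismatch flag stays false, and only the allowlist flag marks it.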