tom wrote:
>
> Ain't got a mobile phone - ain't got a signal here.

Which is one reason not to do it. On the other hand they could call you on a land line. PayPal, eBay and Google already use SMS or telephones widely for out of band checks on identity at various points.

> Once again tho - what makes you feel SMS is secure?

I didn't say it was, on the other hand unless the compromised machine is your mobile phone it gets around the issue of the end user's computer being compromised which WAS the problem being discussed.

> The signal is available 'locally' so
> that's crackable too.

Good luck - but a different problem and skill set. And when you say "locally" you mean local to you not necessarily the person or group who compromise Desktop PCs.

> What makes you think the NatWest secure channel is
> not vulnerable to man in the middle?

I outlined how it could be defeated with social engineering. Again it may be that this secure channel is defeatable but that is a harder problem than owning a desktop PC.

> This is one of those 'unsolvable' problems

No, the problem being discussed was what to do about compromised machines - which is solvable - one solution is out of band communication. Also the assumption that mobile phone and computer or phone and computer are not one and the same isn't strong.

I'm not sure bootable CDs are a good solution since that will just encourage people who compromise PCs to hack with your BIOS or other state information between boots.

> I saw random encryption techniques many years ago and have often
> wondered what happened to it but it looked as good as you can get.

How exactly would this help for a compromised PC in online banking?

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html