Show of hands on Internet banking at an Internet cafe (Was: [cap-talk] Plugging the YURL leak -- back to the beginning)

Tyler Close tyler.close at gmail.com
Wed Nov 30 10:42:40 EST 2005


I'll respond to other parts of this thread later, but I first wanted
to check something.

On 11/29/05, Sandro Magi <smagi at naasking.homeip.net> wrote:
> There has been a great deal of interesting discussion since I last
> weighed in. I hate to sound like a broken record, but I wanted to bring
> these ideas back and apply them to the scenario that is currently tough
> on the web-calculus.

Could I get a show of hands from everyone who has ever used an
Internet cafe computer to log into their online bank account, or stock
trading account?

Personally, I would never do this. A software keyboard sniffer can be
installed on a Windows box without any physical or privileged access.
Any customer could do it. For me, it is inconceivable that such
publicly accessed Windows computers could be kept malware free.

As for the rest of the thread, a password capability design can be
made every bit as secure as today's login/password designs. More
later...

Tyler

--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957


