[cap-talk] Security considerations for cookies
Karp, Alan H
alan.karp at hp.com
Tue Feb 23 17:11:43 PST 2010
Toby Murray wrote:
> Absolutely. I was thinking of the petname tool as well when I wrote
> that. I would like to think that there is a way to do better than
> petnames, or a method that doesn't place the same burden of the user
> to do something out of the ordinary in order to be secure when they're
> being attacked.
PassPet (if Ping ever gets around to finishing it) addresses that problem by being incapable of computing your password if you're at a phishing site.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list