lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: tobias at weisserth.de (Tobias Weisserth)
Subject: Anti-MS drivel

Hi Greg,

Am Do, den 22.01.2004 schrieb Gregh um 07:21:
> ...

> That has nothing to do with ANYTHING. If I install a keylogger on YOUR
> computer and you DONT know about it and let's say your bank was at
> www.bank.com and your account name was BOB and password was 123ghqofc0
> right? Now you have just gone to the bank's web site and have typed, in
> plain text on your keyboard, that username and password. Where does
> CRYPTOGRAPHY stop that being recorded as you TYPE it and later sent
> elsewhere? Surely you know what a keylogger IS dont you?

You couldn't do a thing with the account information of a European
online bankin account. You need a new TAN number for every transaction
you make. Even changing personal data of the account settings requires a
TAN.

No keylogger in the world can make you use this account if you haven't
the TANs.

Delivering TANs may be a "low tech" measure but it works. There hasn't
been a single reported incident of online banking fraud I know of.

For the rest, you have read my views in most other mails,

cheers,
Tobias


Powered by blists - more mailing lists