The system is flawed, and there is no way around it.
1) Bob goes to phishing website (because of an email, cache poisoning, etc.)
Website looks EXACTLY like his bank's website (including a legitimate captcha).
2) Bob enters Username.
Bob enters phrase from captcha.
Bob presses enter.
3) Phishing website enters this information into the bank's website via botnet, Tor, etc. to mask its IP.
4) Real bank's website responds to phishing website asking for "security question".
5) Phishing website prompts Bob for "security question".
6) Bob answers security question.
7) Phishing website continues bank website session with real security question answer.
8) Bank site responds with "Security Key" image and password prompt.
9) Phishing website forwards this on...
There is _NO_ way to make this process secure; it's a man-in-the-middle attack, and neither the bank nor the user can really protect themselves with this model. Unfortunately there are not any existing systems that can solve this problem.
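The nine steps above, simulated end to end. This is an added example written by the editor, not code from the original comment or from any real bank: the bank, the cloned page, Bob's browser, the origins bank.example and bank-login.example, and the account data are all constructed. It shows why the relay works: every prompt the bank issues (captcha, security question, SiteKey image) is just data, so the phishing page can forward it unchanged and Bob's answers go straight back. The origin_bound flag goes beyond the comment: it swaps the final password for a MAC that the browser computes over the origin it is actually on, so the same relay fails at step 9 while a direct login still succeeds.

```python
import hashlib
import hmac
import secrets

BANK_ORIGIN = "https://bank.example"         # assumed origin names, not real sites
PHISH_ORIGIN = "https://bank-login.example"

# Constructed account record held by the toy bank (made-up data).
ACCOUNT = {
    "username": "bob",
    "security_answer": "fluffy",
    "sitekey_image": "sailboat.png",
    "password": "correct horse",
    "device_key": b"per-site key on Bob's device",   # used by the origin-bound variant only
}

def origin_mac(key, nonce, origin):
    """Credential that only verifies for the origin the browser is really on."""
    return hmac.new(key, (nonce + origin).encode(), hashlib.sha256).hexdigest()

class BankSite:
    """The comment's flow: username+captcha -> security question -> SiteKey image +
    password -> session.  origin_bound=True swaps the password for origin_mac();
    that variant is the editor's addition, not something the comment describes."""

    def __init__(self, account, origin_bound=False):
        self.account, self.origin_bound, self.sessions = account, origin_bound, {}

    def start(self):
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"step": 0, "captcha": secrets.token_hex(3), "nonce": None}
        return sid, {"prompt": "username+captcha", "captcha": self.sessions[sid]["captcha"]}

    def submit(self, sid, answer):
        s = self.sessions[sid]
        if s["step"] == 0:                                   # comment steps 2-3
            username, captcha = answer
            if username != self.account["username"] or captcha != s["captcha"]:
                return {"error": "bad username or captcha"}
            s["step"] = 1
            return {"prompt": "security_question", "question": "Pet's name?"}
        if s["step"] == 1:                                   # comment steps 4-7
            if answer != self.account["security_answer"]:
                return {"error": "bad security answer"}
            s["step"], s["nonce"] = 2, secrets.token_hex(8)
            return {"prompt": "origin_mac" if self.origin_bound else "password",
                    "sitekey": self.account["sitekey_image"], "nonce": s["nonce"]}
        if s["step"] == 2:                                   # comment steps 8-9
            if self.origin_bound:
                ok = hmac.compare_digest(
                    origin_mac(self.account["device_key"], s["nonce"], BANK_ORIGIN), answer)
            else:
                ok = answer == self.account["password"]
            if not ok:
                return {"error": "bad password"}
            s["step"] = 3
            return {"session_token": secrets.token_hex(16)}
        return {"error": "session already completed"}

class Browser:
    """Bob: answers whatever the page in front of him asks.  The one input the
    phishing page cannot forge for him is the origin in his own address bar."""

    def __init__(self, account, origin):
        self.account, self.origin, self.seen_sitekey = account, origin, None

    def answer(self, prompt):
        kind = prompt["prompt"]
        if kind == "username+captcha":
            return (self.account["username"], prompt["captcha"])  # the relayed real captcha
        if kind == "security_question":
            return self.account["security_answer"]
        self.seen_sitekey = prompt["sitekey"]    # genuine image, so Bob trusts the page
        if kind == "password":
            return self.account["password"]
        return origin_mac(self.account["device_key"], prompt["nonce"], self.origin)

def drive(bank, browser):
    """Whoever holds the bank session shows each prompt to a browser and sends the
    answer back.  Run by Bob himself this is a normal login; run by the phishing
    site, with Bob on the cloned page, it is steps 3-9 of the comment."""
    sid, reply = bank.start()
    relayed = []
    while "prompt" in reply:
        relayed.append(reply["prompt"])
        reply = bank.submit(sid, browser.answer(reply))
    return reply, relayed

def run_relay(origin_bound=False):
    """Phishing site in the middle: Bob's browser is on PHISH_ORIGIN."""
    bob = Browser(ACCOUNT, PHISH_ORIGIN)
    final, relayed = drive(BankSite(ACCOUNT, origin_bound), bob)
    return final, relayed, bob.seen_sitekey

def run_direct(origin_bound=False):
    """No attacker: Bob's browser is on the real BANK_ORIGIN."""
    return drive(BankSite(ACCOUNT, origin_bound), Browser(ACCOUNT, BANK_ORIGIN))
```

run_relay() ends with the phishing site holding a session token issued to Bob, after relaying exactly the three prompts the comment lists, and Bob having seen his genuine SiteKey image on the cloned page. run_relay(origin_bound=True) reaches the same last step and is rejected, because Bob's browser computed the MAC over the origin it was really on, while run_direct(origin_bound=True) still logs in.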
CoLinux is a wonderful thing. http://www.colinux.org/
Anyone else notice that this article reads like an advertisement for 360gamesaves? There's three links to it.
XBox-Scene is a news site. Similar to the one you're reading, the software they are talking about was written by the people at 360gamesaves and the first half of the article is a quote from 360gamesaves.
I think that might be the point, these people may not be the 'best' people; they aren't the people being recruited by Google and Microsoft. These are 'white collar folk', who aren't genius programmers. Less innovative maybe, but the innovative people can make innovative software and other companies can make their own solutions once the ideas have matured.
Near-perfect software is possible:
They Write the Right Stuff (I got it from here: Space Shuttle Software: Not For Hacks)
Yes, it takes time and money, but it isn't unthinkable to change how software is written. Fully understand your customer, and have a justification for EVERY code change. Code reviews aren't important, they're everything. When the way we think about writing code changes and the procedures become commonplace, it won't cost so much to do it this way.
Why do I feel like I've just had a large target drawn on my forehead? It seems like most open source programmers aren't the richest people around and are therefore not worth suing. Now I can go out and get a billion dollar insurance policy and go broke going to court every three days.
In high school (several years ago) our school newspaper was produced in Quark Express, which did not lend itself to HTML at all (at least at the time). We would print the document as a PDF and then use BCL Magellan: http://www.bcltechnologies.com/document/products/magellan/magellan.htm to convert it to HTML (and HTML that was readable on any browser at that...). It seems the company now has a web based solution: http://www.gohtm.com/ and that Magellan now converts from .doc as well.
The reason people keep referring to using sodium to create hydrogen is from a recent article:
http://science.slashdot.org/science/05/07/13/2322254.shtml
:-)
Not quite tested and perfected, however not an absurd magic bullet either...
(You must not be an hourly Slashdot reader, huh?)
As I read it, this DOES require BIOS modification, it just does a simpler modification and it is an automated way to do it.
Ma Bell, by the way... My Yahoo and My Excite and My this and My that have gotten to your brain.
Cities CAN offer services if the local telcom refuses and then doesn't offer their own within 14 months. http://www.forbes.com/home/feeds/ap/2004/11/30/ap1683445.html
Anywhere I have lived it has taken well more than 14 months for a local telcom to go from drawing board to actually offering a service. This provision sounds like it's to prevent municipalities from undercutting an already in-progress project. Besides, I don't want to pay taxes for this service, I want to pay a company who I can complain to. (Not that they'll listen, but they'll listen a whole lot more than some local government.)