In article <Pine.LNX.4.64.1202121919390.10731@a84-22-97-10.cb3rob.net> you write:
btw, i'm quite sure that -banks- of all things have the resources to just take the transaction part for consumers -off their pcs- and simply send them a dedicated device with an ethernet port to do the transactions on.
More likely USB, but yes, a doozit with a small screen to display the amount and recipient of a transaction and a verification code you type in, and sufficient crypto to set up a secure channel back to the bank would fix a lot of phishing. I don't understand bank security at all. HSBC recently sent me a Digipass 270 with a 12 button keyboard and a one-line display that is apparently able to do signatures, but all they use it for is a PIN. That's helpful against password theft, but not MITM. R's, John