Gadi Evron wrote: [...]
Regular type "fake site" phishing is going to be with us for a long time yet but several of the organized crime groups involved are hard at work at released Trojan horses using root kit technology daily, which basically steals your credentials to every HTTPS site you enter, and reports home.
How do banks, ISP's, or whoever else defend from the roblem moving to the user-side? That is a very interesting question indeed. :)
Over here some banks issue customers a password token device that uses a combination of your card, a number sent by the web site and a PIN to generate a one-time password. It seems a reasonable system, and isn't really new technology. However, while bank web site security may be on-topic for other lists I suspect it's wandering off-topic for NANOG. Regards, -- leo vegoda Registration Services Manager RIPE NCC