The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker's account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker's details instead. . . . The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid.
[edited by: lawman at 6:10 am (utc) on Feb 28, 2010]
[edit reason] Edited To Conform With TOS #10 [/edit]
I can currently get a fair degree of certainty of security and privacy by using Linux...
I thought all modern OSes (AFAIK including Win Vista) require you to re-enter the admin password when doing something that requires privileges.
Will they work with an ARM netbook without a CD drive?
What about people who do their banking from work?
average users cannot change BIOS settings
I've been a proponent of photographs on credit cards for a long time
if I were a criminal, I'd look at the possibilities of compromising the CD before being burnt
I'd also consider trying to compromise common routers.
That's not what I meant - I meant that a photograph of the user should be taken whenever a card transaction takes place. That way, even without any sort of face recognition, clear evidence of the perpetrator would exist.
A bug in this single generic disk could mean every bank would have its customers' accounts compromised. It is less likely, but the results could be worse than the Windows monoculture.