Re: On-line Bank Auth. Was: Privacy

On 31 Jul 2011, at 20:16, David Chadwick wrote:

> 
> 
> On 31/07/2011 19:09, Mo McRoberts wrote:
>> 
>> One “solution” which seems to be gaining traction in the banking
>> sector is Trusteer Rapport, which I'm having real trouble
>> distinguishing from malware.
>> 
> 
> Not surprising, since the UK SME that produces it seems to believe more in security through obscurity rather than in using published, open, and rigorously validated security protocols and algorithms. When I spoke to one of their directors, he was not willing to reveal anything about how it works.

From the various browser crashdumps I've seen over the last couple of days, I was at least able to see that it works by injecting itself into your browser processes and monitoring/intercepting your activity that way (and, according to the crashdumps, it does that badly).

So, yeah — “indistinguishable from malware” does very much seem to apply to the implementation techniques.

M.

-- 
Mo McRoberts - Data Analyst - Digital Public Space,
Zone 1.08, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA,
Room 7066, BBC Television Centre, London W12 7RJ,
0141 422 6036 (Internal: 01-26036) - PGP key 0x663E2B4A

Received on Sunday, 31 July 2011 19:30:16 UTC