[LINK] RFC No. 2: A reductio ad absurdum?
Adrian Chadd
adrian at creative.net.au
Mon Apr 2 16:45:59 AEST 2007
On Mon, Apr 02, 2007, Roger Clarke wrote:

> "Expressed differently, many eCommerce and even eBanking services
> only work because they exploit vulnerabilities on consumer devices."

They're not strictly vulnerabilities - but yes, single-site signon
type stuff which works across multiple domains inherently uses the exact
same methods that cross-site-scripting vulnerabilities use.

(And to be scared further; see: Penetration of ActiveX into North Korea's
E-Commerce; and the unfortunate side-effect this has had on their
malware uptake rates.)

Adrian