[LINK] Consumer computer security

Craig Sanders cas at taz.net.au
Tue Jan 23 15:38:16 AEDT 2007

On Tue, Jan 23, 2007 at 01:00:08PM +1100, Marghanita da Cruz wrote:
> With regard to physing, if a username/password is captured in a
> phishing scam, don't they also need to fake the IP address?

nope.  most people don't have a static IP address, they get a dynamically
assigned IP whenever they log in to the net.

AFAIK, no bank even has an option allowing the user to limit the IP
address(es) that they may login from. i wish they did, i'd find it
useful - i have my own /24s and only ever login to my bank from home.


craig sanders <cas at taz.net.au>           (part time cyborg)

More information about the Link mailing list