[LINK] Consumer computer security
Craig Sanders
cas at taz.net.au
Tue Jan 23 15:38:16 AEDT 2007
On Tue, Jan 23, 2007 at 01:00:08PM +1100, Marghanita da Cruz wrote:
> With regard to physing, if a username/password is captured in a
> phishing scam, don't they also need to fake the IP address?
nope. most people don't have a static IP address, they get a dynamically
assigned IP whenever they log in to the net.
AFAIK, no bank even has an option allowing the user to limit the IP
address(es) that they may login from. i wish they did, i'd find it
useful - i have my own /24s and only ever login to my bank from home.
craig
--
craig sanders <cas at taz.net.au> (part time cyborg)
More information about the Link
mailing list