[LINK] Consumer computer security
Reagan Blundell
reagan at whatever.net.au
Wed Jan 24 09:49:06 AEDT 2007
Craig Sanders wrote:
> On Tue, Jan 23, 2007 at 01:00:08PM +1100, Marghanita da Cruz wrote:
>> With regard to physing, if a username/password is captured in a
>> phishing scam, don't they also need to fake the IP address?
>
> nope. most people don't have a static IP address, they get a dynamically
> assigned IP whenever they log in to the net.
>
> AFAIK, no bank even has an option allowing the user to limit the IP
> address(es) that they may login from. i wish they did, i'd find it
> useful - i have my own /24s and only ever login to my bank from home.
>
The bank I work for does, but we're an Investment, rather than a
retail/high-street bank (or at least the dept I'm in is - we also have a
retail branch). So the amounts of money being traded are a bit more
than your Joe-Sixpack's balance in his savings account, and our
customers are more likely to be on static IPs.
More information about the Link
mailing list