[LINK] Consumer computer security

Reagan Blundell reagan at whatever.net.au
Wed Jan 24 09:49:06 AEDT 2007

Craig Sanders wrote:
> On Tue, Jan 23, 2007 at 01:00:08PM +1100, Marghanita da Cruz wrote:
>> With regard to physing, if a username/password is captured in a
>> phishing scam, don't they also need to fake the IP address?
> nope.  most people don't have a static IP address, they get a dynamically
> assigned IP whenever they log in to the net.
> AFAIK, no bank even has an option allowing the user to limit the IP
> address(es) that they may login from. i wish they did, i'd find it
> useful - i have my own /24s and only ever login to my bank from home.

The bank I work for does,  but we're an Investment, rather than a
retail/high-street bank (or at least the dept I'm in is - we also have a
retail branch).  So the amounts of money being traded are a bit more
than your Joe-Sixpack's balance in his savings account, and our
customers are more likely to be on static IPs.

More information about the Link mailing list