On Tue May 26 2009, Jeroen van Meeuwen wrote:
> Although this is entirely true, my bank sure considers my phone safe
> enough to send me one-time transaction confirmation codes that are only
> valid with the existing session.

I do not know how it is in your country, but afaik in Germany banks normally do not take the risk for online banking, but the customer. So the customer has to prove that a transaction was fraud. In comparison, for offline banking, the bank has to prove that a transaction in question is valid. So for them it is enough that a judge believes that the phone is safe enough to make it hard for the customer to prove that he was attacked.

Also in Germany there was an implementation live that allowed an attacker to use normal transaction verification codes to enroll a phone that allowed to create an arbitrary amount of new verification codes.

Regards
Till
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list