12-10-2010, 08:57 AM
| | Re: Want basic VOIP supplier that works with text mode browser
Meanwhile, at the uk.telecom.voip Job Justification Hearings, David Woolley
chose the tried and tested strategy of:
> However, iframes are bad practice for 3D Secure (although not as bad as
> the once common practice of going fully man in the middle). With
> iframes it is much more difficult to verify that you really are talking
> to the bank's agent. The challenge phrase is of no security value.
My work credit card prompts for a password when I use it online. I use it
rarely enough online to never be able to remember it, but the people behind
this great bit of security have been thoughtful enough to provide a 'reset
password' link on the page where you're prompted to enter the password. And
after clicking this link, how do they verify that you're entitled to reset
the password? By entering a few key details pertaining the card...that would
have been entered on the merchant's page in order to place an order anyway!
Not only does this offer no additional security whatsoever, it in fact
reduces security, because you've just doubled the likelihood of these
critical details being intercepted.
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
09:48:27 up 1 day, 11:44, 8 users, load average: 0.01, 0.07, 0.15
"I am utterly appalled at how I have been treated like a criminal"
-- Andrew Crossley, ACS:Law, 13 August 2010
 I am not a mathematician