|
(November 30, 1999 at 12:00 am)
The "bad guys" don't gain anything by inserting a MITM device driver as long as the ZTIC controls access to the "real secrets" (crypto keys, smart card, PIN, e.g.) and operates on them only after displaying to the user the data to be exchanged with the server: The user would see the MITM operations (and cancel the operation) and the server would not accept changes by the MITM software --assuming we trust TLS/SSL to be a secure protocol :-)
(November 30, 1999 at 12:00 am)
Yeah but still, Blueray was said to be "unbrokeble", but today I saw some news that they have cracked it. So it is just matter of time until this stick is cracked too and then the virus-creators will just proceed. In my opinion this solution suck. But it is a better then what I would thought of ofc.;)
(November 30, 1999 at 12:00 am)
And how hard can it be to insert a man-in-the-middle devicedriver that emulates this device and makes it even easier for fraud (if a lot of banks use this) by emulating both channels to the device(s) (bot the ztick and the bank). I'd say this LOWERS the chance of getting hit by fraudlent individuals, since they have easy targets.
(November 30, 1999 at 12:00 am)
If it were possible to load software onto the ZTIC, then you were right. However, it's been designed so that this should be _very_ hard (I'd say "impossible", but you never know :-) It'll be much harder than with PC's anyway :-)
(November 30, 1999 at 12:00 am)
Hmmm what if a virus/malware-programmer creates a virus/malware for that stick? so when the user stops the usb the virus/malware copies it self to the stick and the stick is conatining virus? Then the stick is a bad idea?
(November 30, 1999 at 12:00 am)
bravo
(November 30, 1999 at 12:00 am)
In principle and technically, yes. For security reasons, ZTIC needs to be configured to support specific banks, though (it only connects to configured servers).
(November 30, 1999 at 12:00 am)
this can be used in any country, and diferent banks????
(November 30, 1999 at 12:00 am)
awesome |
