There’s a big gap between “assuming the client system is untrustworthy” versus “assume it is infected”

I don’t think the hysterical tone of the latter is quite suited to this article, nor to government policy; “infection” is only one of many problems, and it will narrow how the risks are considered.

ENISA: banks should assume customer PCs are infected

By Stewart Mitchell

Posted on 6 Jul 2012 at 15:09

The European cyber security agency has warned banks to stop assuming that customers’ computers are free from malware and consider offline checks before making large transactions.

The warning from the European Network and Information Security Agency comes in the wake of a series of multimillion pound heists on wealthy bank account holders.

“Banks really should change their stance and assume that all of the customer computers are infected, otherwise it’s difficult to be secure,” a spokesperson for ENISA told PC Pro. “With that in mind, you need to secure the devices and also have a cross check, because they can’t just assume customer computers are clean… The banks should take protection measures to deal with this.”

via ENISA: banks should assume customer PCs are infected | Security | News | PC Pro.

HT: @bensummers

Comments

2 responses to “There’s a big gap between “assuming the client system is untrustworthy” versus “assume it is infected””

  1. Not sure I follow. The types of systems being subverted try to minimize trust in the client system, but perhaps don’t go far enough. However, I don’t see what category of untrustworthy they need to consider that doesn’t equate to “infected”. Possibly some sort of man-in-the-middle attack allowing JavaScript injection; however, I suspect the solutions are all the same.

  2. Dave Walker

    Call me an old cynic if you will, but this sounds like someone wants to push more TPMs, and use remote attestation as the argument.
