06 March 2014

Comments

Thank you for this article showing the evolution of the attack and defense of these types of attacks. I agree with Anatoily that Shape Security is providing a polymorphic approach to website defense.

Secure Web Gateways that are programmed to know each banking website's form elements and permitted fully qualified domain name talkers seem like a good approach for big corporations; however, the normal end user cannot afford such protection.

I think that the financial industry would greatly benefit by using ephemeral virtual desktops via two-factor authentication for banking needs. That would keep nefarious entities out of the browser and ensure that even if credentials were stolen they would be useless without a time-based one-time password.

The only way to properly deliver the virtual desktops would be with a fat client (program on the end user's machine/device) or over some type of VPN. The average end user would probably be okay installing the fat client.

Pretty interesting concept; however, it very much reminded me of the article about the new start-up Shape Security.
http://www.darkreading.com/vulnerability/security-startups-take-shape-out-of-stea/240165568?cid=NL_DR_Daily_240165568&elq=ce97c93d4b9c4d34b53be8fc40aa76b2
Do you think both ideas are similar and if not, what is the difference?
