johnl at iecc.com
Fri Sep 23 14:06:27 EDT 2011
>> And further, you should have a client app on your computer for dealing with
>> shared secrets, which is only capable of attempting a visa payment with an
>> entity trusted by Visa.
I don't see how to do that in a useful way without non-programmable
hardware. We've seen PC-based malware do pretty much any MITM attack
you can imagine.
PS: I was impressed by the malware that redrew images in which the
bank had put a text representation of the transaction to be approved.
More information about the cryptography