06-01-2006, 02:02 PM
Quote:Yet as phishing gets slicker, users are getting smarter. As the average Joe becomes less likely to type in authentication information in response to an e-mail, more and more cybercriminals are turning to SSL-evading Trojans.
These Trojans install themselves on unsuspecting users' PCs and either capture user log-on credentials or manipulate transactions after a successful log-on. In both cases, the SSL connection between PC and bank remains intact. The user may think the confidential online transaction is protected against mischief -- but it is not.
That shift has enormous implications. Ever since Netscape released SSL in 1996, consumers have been told that a confirmed SSL-connection icon indicates that it's safe to conduct online business.
full article: http://www.cio-today.com/story.xhtml?sto...Isn_t_Safe&story_id=00100018OFZ7