But here is why: It uses a smart card to verify the user's identity and set up an SSL connection to the bank. Thus, man-in-the-middle attacks are prevented. As an additional security benefit, it uses an internal list of legitimate banking sites so that phishers can't use the null prefix issue. The CLX.Sentinel won't connect to anything that's not on its list, so browser infections are next to impossible.
The software is installed on the flash memory inside the token, so it can't be patched and it contains countermeasures against debugging and code injection at runtime.
I believe that this many countermeasures are needed nowadays.
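The allow-list check and the null prefix issue described above, sketched as an added Python example; it is not the CLX.Sentinel's own code. The host names, the certificate name bytes and the function names are constructed for illustration.

```python
# Constructed allow-list; the device's real list is not given in the post.
ALLOWED_HOSTS = frozenset({
    "ebanking.example-bank.test",
    "login.example-credit.test",
})


def c_string_view(name: bytes) -> bytes:
    """What a NUL-terminated string comparison sees: bytes before the first NUL."""
    return name.split(b"\x00", 1)[0]


def naive_name_matches(cert_name: bytes, requested_host: str) -> bool:
    """Flawed check behind the null prefix issue: the comparison stops at the
    first NUL byte, so anything the CA signed after it is ignored."""
    return c_string_view(cert_name).lower() == requested_host.lower().encode("ascii")


def strict_connect_allowed(cert_name: bytes, requested_host: str) -> bool:
    """Connect only if the host is on the allow-list and the certificate name
    is exactly that host: no embedded NUL, no wildcard, no suffix matching."""
    host = requested_host.lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False          # not a known banking site: never connect
    if b"\x00" in cert_name:
        return False          # embedded NUL is never valid in a host name
    try:
        name = cert_name.decode("ascii").lower()
    except UnicodeDecodeError:
        return False
    return name == host


# Constructed certificate names (raw bytes as they would appear in the cert).
GOOD_CERT = b"ebanking.example-bank.test"
NULL_PREFIX_CERT = b"ebanking.example-bank.test\x00.phisher.test"

if __name__ == "__main__":
    host = "ebanking.example-bank.test"
    for label, cert in (("genuine", GOOD_CERT), ("null-prefix", NULL_PREFIX_CERT)):
        print(label, "naive:", naive_name_matches(cert, host),
              "strict:", strict_connect_allowed(cert, host))
```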