by giaour
1262 days ago
> What you seem to have discovered are client-side vulnerabilities that would require direct network access to the client machines to be exploited

We don't know what a user has installed on their local machine, so a bank mandating that users install an application with known vulnerabilities has reduced its security posture to whatever client-side chicanery is happening on a given computer. This may shift liability (i.e., it's not the bank's fault if malware intercepts traffic sent to a localhost web server) but does not improve security. As a user, you might be able to use software with known client-side vulnerabilities safely by constructing isolated sandbox environments for each permutation of required client-side "security" software, but it's unrealistic to expect everyday users to do so.