Good stuff here.

“And that’s the key issue – you have to trust the endpoints in a given Web transaction, not just the security “on the wire”. Security on the wire is important – SSL is how you ensure that none of the myriad networks your little packet might traverse between you and the bank has an easy opportunity to steal your account details without even needing to be present – but it’s only part of the end-to-end security story, and with on-the-wire security generally accepted to be “good enough” to stop the casual hacker, my gut tells me the local endpoint – and that’s typically the client – is the most frequent point of compromise.”

Yup.

Alex Eckelberry