POV-Ray : Newsgroups : povray.off-topic : New bank trojan
  New bank trojan (Message 1 to 10 of 27)  
From: Darren New
Subject: New bank trojan
Date: 30 Sep 2009 14:40:37
Message: <4ac3a625$1@news.povray.org>
I always thought having executable code downloaded to your UI was a bad 
idea.  I wonder how long it will be before the general public figures out 
you need ACLs with programs as principals as well as people.


http://news.cnet.com/8301-27080_3-10363836-245.html?tag=newsLeadStoriesArea.1

-- 
   Darren New, San Diego CA, USA (PST)
   I ordered stamps from Zazzle that read "Place Stamp Here".



From: John VanSickle
Subject: Re: New bank trojan
Date: 2 Oct 2009 21:02:29
Message: <4ac6a2a5$1@news.povray.org>
Darren New wrote:
> I always thought having executable code downloaded to your UI was a bad 
> idea.  I wonder how long it will be before the general public figures 
> out you need ACLs with programs as principals as well as people.

There was a reference in the article (linked in OP) to a known exploit 
in IE, FF, and Opera.  While MS has needed a smack on the head for its 
ongoing love affair with unsafe features, the people who make FF and 
Opera need a double-smack.  Their alleged superior security is a large 
part of the reason that people use them.

Regards,
John



From: Darren New
Subject: Re: New bank trojan
Date: 2 Oct 2009 22:26:43
Message: <4ac6b663$1@news.povray.org>
John VanSickle wrote:
> Their alleged superior security is a large 
> part of the reason that people use them.

Given the article talks about getting executables by email, I suspect it's 
either hooking the IP stack or installing a local proxy server to rewrite 
code on the fly. I don't imagine it's actually breaking into the browser as 
such.

That said, having executable code in your UI specification is still a bad idea.

-- 
   Darren New, San Diego CA, USA (PST)
   I ordered stamps from Zazzle that read "Place Stamp Here".



From: Warp
Subject: Re: New bank trojan
Date: 3 Oct 2009 08:37:11
Message: <4ac74577@news.povray.org>
John VanSickle wrote:
> There was a reference in the article (linked in OP) to a known exploit 
> in IE, FF, and Opera.  While MS has needed a smack on the head for its 
> ongoing love affair with unsafe features, the people who make FF and 
> Opera need a double-smack.  Their alleged superior security is a large 
> part of the reason that people use them.

  Just because the article says that you are vulnerable to the exploit even
if you are using Firefox or Opera, that doesn't mean that it's the browser
itself which has been compromised. It may be the OS which has been
compromised.

  Just as an example, if a trojan installs a keylogger in the system which
sends private information to someone, including e.g. things you write in
secure webforms with Firefox, does that mean that it's Firefox which has
been compromised?

-- 
                                                          - Warp



From: scott
Subject: Re: New bank trojan
Date: 5 Oct 2009 03:28:34
Message: <4ac9a022@news.povray.org>
> I always thought having executable code downloaded to your UI was a bad 
> idea.  I wonder how long it will be before the general public figures out 
> you need ACLs with programs as principals as well as people.
>
>
> http://news.cnet.com/8301-27080_3-10363836-245.html?tag=newsLeadStoriesArea.1

I don't see how that would work for most German banks, as before a 
transaction is made you need to enter a special code from a use-once list 
that is provided from your bank.  AFAIK there isn't a way to automatically 
generate that number, the user would have to be prompted for it, which would 
arouse suspicion as they're only used for transferring money.  Maybe there 
are one or two banks that don't have this system, but I've never heard of 
that.



From: Darren New
Subject: Re: New bank trojan
Date: 5 Oct 2009 11:34:56
Message: <4aca1220$1@news.povray.org>
scott wrote:
> I don't see how that would work for most German banks, as before a 
> transaction is made you need to enter a special code from a use-once 
> list that is provided from your bank. 

German banks are smarter. The banks here were supposed to (by recent law) 
send out those fobs with the one-time digits on them. Instead they opted for 
a second password.  No! Two-factor authentication doesn't mean two passwords.

-- 
   Darren New, San Diego CA, USA (PST)
   I ordered stamps from Zazzle that read "Place Stamp Here".



From: Invisible
Subject: Re: New bank trojan
Date: 5 Oct 2009 11:37:00
Message: <4aca129c@news.povray.org>
Darren New wrote:

> German banks are smarter. The banks here were supposed to (by recent 
> law) send out those fobs with the one-time digits on them. Instead they 
> opted for a second password.  No! Two-factor authentication doesn't mean 
> two passwords.

Epic fail.



From: Darren New
Subject: Re: New bank trojan
Date: 5 Oct 2009 11:59:44
Message: <4aca17f0$1@news.povray.org>
Invisible wrote:
> Darren New wrote:
> 
>> German banks are smarter. The banks here were supposed to (by recent 
>> law) send out those fobs with the one-time digits on them. Instead 
>> they opted for a second password.  No! Two-factor authentication 
>> doesn't mean two passwords.
> 
> Epic fail.

Just a business decision. The banks are responsible for the money here. (I 
understand in Europe that if someone steals your bank card or credit card, 
you actually have to pay off the charges?)  It was cheaper to pay off the 
losses than to send out fobs to everyone.

-- 
   Darren New, San Diego CA, USA (PST)
   I ordered stamps from Zazzle that read "Place Stamp Here".



From: scott
Subject: Re: New bank trojan
Date: 5 Oct 2009 12:00:18
Message: <4aca1812$1@news.povray.org>
>> I don't see how that would work for most German banks, as before a 
>> transaction is made you need to enter a special code from a use-once list 
>> that is provided from your bank.
>
> German banks are smarter. The banks here were supposed to (by recent law) 
> send out those fobs with the one-time digits on them.

I have a small gizmo for my UK bank, I put my normal ATM card into it, then 
type in a code provided by the website, then get given back a code that I 
enter into the website to authorise the transfer.

Both that system and the German system are a little inconvenient, because 
you always need to have something extra with you to make a transfer.  Still 
better than the inconvenience of not being able to buy anything because 
someone has stolen all your money :-)


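The card-reader exchange scott describes above, sketched as an added example (not part of the original thread, and not any bank's actual scheme): the website issues a challenge, the reader answers with a code derived from a secret on the card, and each challenge is accepted once. The truncated HMAC-SHA256, the names `Bank` and `device_response`, and the transfer ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def device_response(card_key: bytes, challenge: str) -> str:
    """What the hand-held reader shows: 8 digits derived from the card secret."""
    mac = hmac.new(card_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class Bank:
    def __init__(self, card_keys):
        self.card_keys = card_keys      # account -> secret shared with the card
        self.pending = {}               # transfer id -> (account, challenge)

    def start_transfer(self, account: str, transfer_id: str) -> str:
        """Issue a fresh random challenge for one specific transfer."""
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[transfer_id] = (account, challenge)
        return challenge

    def authorise(self, transfer_id: str, response: str) -> bool:
        """Check the typed-in code; the challenge is consumed either way."""
        entry = self.pending.pop(transfer_id, None)
        if entry is None:
            return False                # unknown or already-used challenge
        account, challenge = entry
        expected = device_response(self.card_keys[account], challenge)
        return hmac.compare_digest(expected, response)

def demo():
    key = secrets.token_bytes(32)       # constructed sample card secret
    bank = Bank({"acct-1": key})
    c1 = bank.start_transfer("acct-1", "t1")
    r1 = device_response(key, c1)
    ok = bank.authorise("t1", r1)       # genuine transfer is accepted
    replay = bank.authorise("t1", r1)   # same code again: challenge is gone
    bank.start_transfer("acct-1", "t2")
    stale = bank.authorise("t2", r1)    # captured code against a new challenge
    return ok, replay, stale

if __name__ == "__main__":
    print(demo())
```

Unlike a second password, a code captured during one transfer is useless for the next one, because the response depends on a challenge that is never reissued.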

From: Darren New
Subject: Re: New bank trojan
Date: 5 Oct 2009 12:05:51
Message: <4aca195f$1@news.povray.org>
scott wrote:
> because you always need to have something extra with you to make a 
> transfer. 

That is precisely why it's called "two-factor authentication."  The problem 
with having only a password is that you don't know when it has been stolen. 
Hence the whole "change your password every 2 weeks" kind of thing.

-- 
   Darren New, San Diego CA, USA (PST)
   I ordered stamps from Zazzle that read "Place Stamp Here".




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.