Printable View
"someone" (we are actually 95% sure of who did it, a coke head) stole 80 bucks from the cash drawer at Dairy Queen sunday night... the rest of us who were also on that drawer are quite peeved as part comes out of our checks for it... I hate druggies who steal...
In some ways, as mentioned indirectly, online banking is safer. YOU initiate the transaction over a secure link, YOU can immediately see the result and YOU can look at your account anytime. No minimum wage, bad attitude teller necessary. Or course if you store your password on the machine and operate poor judgement, going to the bank won't save your butt from idiocy anyway. Like this joker from symantec. I would also consider online credit transaction much more secure that one's conducted in person.
Quote:
Originally posted here by c0br4
Anyway I was just saw some TV program about this kind of thing... and they had a security expert in from symantec, that said "He would never use online banking, and that you could ask anyone who knows anything about computer security and they would all say the same" so I thought I would put that to the test.
hrm, I find it interesting that a Symantec representative would say that when several of their largest clients are banks that have an online division. Maybe that attitude is why they lost our business ;)
I work in that industry and I would trust my information going across the wire, as long as it wasn't a "public" machine (from say a library) and it was a machine that I had secured locally. We, and the FDIC, take security very seriously. The fricken audits we go through are unreal and are more than anything I have seen in the past. VISA CISP is no joke either.
I have seen the cusomters computer as our weak point from day one. I have locked this network down pretty tight, and I'm constantly tinkering with it to make it more difficult to get in to and a harder target so that cyber criminals stay away from us. The problem is the client computers that aren't secured but still connect to us are riddled with spyware, adware, malware, viruses, etc. They are a gateway for mischief but fortunately that mischief can only happen on a single account and not everyone on our networks.
I happen to have a creditcard which I use for online transactions, but I have also made sure that I have a very low limit on this card so I can't pay for extremely expensive stuff with it. I need it anyways because I live in the Netherlands but like to order DVD's, software and books from the USA and UK. (Especially some good computer science/programming books are hard to get here.) However, I do these purchases only with amazon.com and not many other online businesses. (And if I do want to pay on another site, I make darned sure that this is a reliable company!)
Of course, I won't even enter my creditcard data on any site that has an invalid certificate or if it doesn't use SSL to keep my data safe. And I don't use any wireless/public connection either.
For normal banking, I use an application called Girotel for the Postbank. It's a pretty old application and it doesn't connect to the bank over the Internet but uses a direct dial-up connection to a local phonenumber. Okay, so I have to pay for a few phoneticks when I update my bank data but hey, I consider this pretty reliable.
And about Symantec... Well, it's a security company. They profit only as long as people live in fear because they sell stuff so people can calm down their fears. Symantec is actually making a profit from all those viruses, worms and hacker attacks, so you can seriously doubt their motives. It has even be suggested many times that these security companies are actually spreading around viruses themselves to scare people into buying their products.
Then again, it is also rumoured that the people behind RIAA are spreading around those worms that infect all those P2P networks, in an attempt to take them down and stop the spread of MP3 files through these channels.
There could be a valid point in all this too. A large company like Symantec or a large organisation like the RIAA could easily transfer a large sum of money to some Eastern European country and use it there to pay some hacker to develop some of these nasties for them.
And I am wondering why Windows seems to be the only target for all these security leaks. Well, okay. The Unix/Linux/BSD/Mac systems do also have their share of security problems but they are almost nothing compared to Windows. Is Windows targetted simply because it's such a big target or because there's so much profit to be made from it by selling security measures to all those users?
The LiveCD isnt a new idea, In australia a bank (sorry can't remember which one) started mailing out LiveCDs with the intention that all customers use them to do there online banking, this must of been at least a year ago.
Im not sure how well this technique would work with dialup users, as the majority will have winmodems incompatible with linux, however i suppose the people that at technically savvy will be the ones with DSL so there will be less compatability issues, Or maybe broadband is more widely used over there.
Check out Knoppix, or damn small linux, Im in the process of creating my own - although ive got my plans just havent started them yet!
i2c
I'v got a funky RSA gizmo that when ensures security, atleast from password snoops, since the password is always different. However, I belive the connection is only 128bit RSA or DES (not exactly sure), which is kinda disapointing. Was hoping for atleast 2048 RSA :D
First off, about putting your SSN on your resume, I once applied for a job at the Dept. of Defense, I could only submit my resume electronically and the firsth thing they required was your SSN be at the top of each page.
About online banking: It is kind of silly for people to think that because they do not bank online that their financial security is indeed more secure. More and bank move their operations online, and just because you do not personally log into the site, your info is still bounced around out there whether you like it or not.
As was said in many other posts, if you are not stupid about online banking, ie easy password, public terminals, etc. You should be ok, or as safe as the bank's security
I use online banking. IMO the security levels are about the same as if you don't use online banking i.e. you could be so unlucky, but usually you aren't.
In fact, my parents were defrauded through a computer leak and they don't use online banking. The reason - an insider job on a list of names, addresses and card pin nos.
The other problem is the ol' hole in the wall jobbie where the machine is rigged up (if you are really 'good' you also carry out a DOS on any other ATMs in the neighbourhood) to read card details. But then the same thing can be accomplished via shoulder surfing.
Finally, someone can good old fashioned nick your card and do a cash back on it. Chip and pin doesn't stop it as you simple dunder the card and then the details are entered manually (no shop will willingly turn away a customer).
and good old fashioned dumpster diving still works in some stores who haven't updated their card systems to **** out card numbers. Though the ****ing doesn't work so well if you know the calculation method (i.e. it reduces the number of possibilities).
as does mugging.
The best thing is to take some key precautions. Here are some suggestions. Pick out two or three that fit depending on the appropriate threats
1. Carry as few cards as possible around (mugging)
2. Choose a company which gives insurance against identity theft (if you do all your business online)
3. Agree with your bank that you have to physically sign to any direct debit agreements (if you get lots of spam mail and phone calls)
4. Check your accounts and question any oddities (everyone)
5. If you think anything is wrong at all, cancel the cards and transactions instanter. A good reason for banking online as you can cancel 24 by 7. (everyone)
6. Be prepared to forego $100 worth of liability (banks won't accept all the blame even if it is all their fault). (everyone by default)
7. Don't buy online from sources that don't check out (ebayers watch out)
8. Check out which restaurants/stores have updated their card systems (if you buy a lot on credit)
I am sure there are more.
Eventhough you were semingly kidding, you're confusing the key exchange and data exchange encryption phases:Quote:
Originally posted here by Noia
I'v got a funky RSA gizmo that when ensures security, atleast from password snoops, since the password is always different. However, I belive the connection is only 128bit RSA or DES (not exactly sure), which is kinda disapointing. Was hoping for atleast 2048 RSA :D
- the key exchange phase uses public key (aka asymetric) crypto (RSA, DH, DSA, Forezza) which require at least 1024bits to be considered secure*.
- the data exchange phase (ie: the encrypted http conversation for example) uses symetric crypto (RC2, RC4, IDEA, DES, 3DES, AES ciphers) which require a lesser bit length, 128bits being generaly considered secure*...
*For now!
FYI: http://en.wikipedia.org/wiki/Key_length
Ammo
I wasn't confusing anything, all I stated was that I used an electronic device to produce my password, this device is syncronized with the bank and always yealds different passwords, making it useless to catch the key exchange. On another note, I belive it is acctualy a triple DES implementation that is used, althought I can't be certain, will have to look into that when I log on again.
Quote:
Originally posted here by ammo
Eventhough you were semingly kidding, you're confusing the key exchange and data exchange encryption phases:
- the key exchange phase uses public key (aka asymetric) crypto (RSA, DH, DSA, Forezza) which require at least 1024bits to be considered secure*.
- the data exchange phase (ie: the encrypted http conversation for example) uses symetric crypto (RC2, RC4, IDEA, DES, 3DES, AES ciphers) which require a lesser bit length, 128bits being generaly considered secure*...
*For now!
FYI: http://en.wikipedia.org/wiki/Key_length
Ammo