[Dshield] Banks shifting logins to Non-SSL Pages

Tony Earnshaw tonye at billy.demon.nl
Wed Aug 24 14:44:37 GMT 2005

On Wed, 24.08.2005 at 16.03, jmulkerin wrote:

> I run a fairly big Credit Union network and On-Line Banking is safer 
> than sending paper-based statements out in unsecured USPS mail.  I think 
> if a CIO is not using his On-Line Banking, he either doesn't understand 
> his own security environment, isn't fixing it, or does not have the 
> interest in "electronic" banking.   I see many more instances of 
> dumpster diving than I do electronic diving.    We've been using 
> SSL-enabled logins on our main Web site for years.  99% of our members 
> have been much happier with the faster speed.  It greatly reduces the 
> noise in our on-line banking logs.  Because On-Line Banking needs to be 
> tightly bolted down, we can not do rapid changes as the environment 
> changes.  Our main web site is not as stringently controlled and we can 
> add notices and warnings to our member.  This provides our members with 
> much more information.  

These are wild and sweeping statements, unfit for one who runs "a fairly
big Credit Union network".

Dunno what/who told you to mix it with people who have both first-hand
and anecdotal experience of the opposite.

The following statement is an oxymoron: "On-Line Banking is safer than
sending paper-based statements out in unsecured USPS". Banking isn't
done by "sending paper-based statements out in unsecured USPS".

Tell us (all, here) exactly what your "fairly big Credit Union network"
has done to ensure 100% security for its online customers, and I'll
measure it against what my bank has been doing for years. Chances are,
that you'll come out weeping.


To Liza Picquard (?), by Phil Williams on BBC Radio 5, Wed. 10th Aug.
2005, 15:59 CEST:

"What is your definition of 'poor'?"
"Well, if your only occupation is collecting dog turds for a living,
you're pretty poor ..."

mail: tonye at billy.demon.nl
