[Dshield] Banks shifting logins to Non-SSL Pages

Tony Earnshaw tonye at billy.demon.nl
Wed Aug 24 14:44:37 GMT 2005


ons, 24.08.2005 kl. 16.03 skrev jmulkerin:

> I run a fairly big Credit Union network and On-Line Banking is safer 
> than sending paper-based statements out in unsecured USPS mail.  I think 
> if a CIO is not using his On-Line Banking, he either doesn't understand 
> his own security environment, isn't fixing it, or does not have the 
> interest in "electronic" banking.   I see many more instances of 
> dumpster diving than I do electronic diving.    We've been using 
> SSL-enabled logins on our main Web site for years.  99% of our members 
> have been much happier with the faster speed.  It greatly reduces the 
> noise in our on-line banking logs.  Because On-Line Banking needs to be 
> tightly bolted down, we can not do rapid changes as the environment 
> changes.  Our main web site is not as stringently controlled and we can 
> add notices and warnings to our member.  This provides our members with 
> much more information.  

These are wild and sweeping statements, unfit for one who runs "a fairly
big Credit Union network".

Dunno what/who told you to mix it with people who have both first-hand
and anecdotal experience of the opposite.

The following statement is an oxymoron: "On-Line Banking is safer than
sending paper-based statements out in unsecured USPS". Banking isn't
done by "sending paper-based statements out in unsecured USPS".

Tell us (all, here) exactly what your "fairly big Credit Union network"
has done to ensure 100% security for its online customers, and I'll
measure it against what my bank has been doing for years. Chances are,
that you'll come out weeping.

--Tonni

-- 
To Liza Picquard (?), by Phil Williams on BBC Radio 5, Wed. 10th Aug.
2005, 15:59 CEST:

"What is your definition of 'poor'?"
"Well, if your only occupation is collecting dog turds for a living,
you're pretty poor ..."

mail: tonye at billy.demon.nl
http://www.billy.demon.nl



More information about the list mailing list