[Dshield] Banks shifting logins to Non-SSL Pages

Justin S jgs316 at gmail.com
Wed Aug 24 15:59:48 GMT 2005


On 8/24/05, Tony Earnshaw <tonye at billy.demon.nl> wrote:
> ons, 24.08.2005 kl. 16.03 skrev jmulkerin:
> 
> > I run a fairly big Credit Union network and On-Line Banking is safer
> > than sending paper-based statements out in unsecured USPS mail.  I think
> > if a CIO is not using his On-Line Banking, he either doesn't understand
> > his own security environment, isn't fixing it, or does not have the
> > interest in "electronic" banking.   I see many more instances of
> > dumpster diving than I do electronic diving.    We've been using
> > SSL-enabled logins on our main Web site for years.  99% of our members
> > have been much happier with the faster speed.  It greatly reduces the
> > noise in our on-line banking logs.  Because On-Line Banking needs to be
> > tightly bolted down, we can not do rapid changes as the environment
> > changes.  Our main web site is not as stringently controlled and we can
> > add notices and warnings to our member.  This provides our members with
> > much more information.
> 
> Tell us (all, here) exactly what your "fairly big Credit Union network"
> has done to ensure 100% security for its online customers, and I'll
> measure it against what my bank has been doing for years. Chances are,
> that you'll come out weeping.
> 
> --Tonni
Does anyone here really believe any company can "ensure 100% security"
on the internet?

>
>The following statement is an oxymoron: "On-Line Banking is safer than
>sending paper-based statements out in unsecured USPS". Banking isn't
>done by "sending paper-based statements out in unsecured USPS".
>
Banking can be done by mail.  It's called sending a check with a loan
coupon to make your loan payment.  Just put it in your mailbox and put
the flag up so everyone that passes by can see you have all of your
account information sitting there for them to pick up at their
leisure.  Yer right....that's much safer.



More information about the list mailing list