[Gllug] Linux online banking yet again,

Chris Bell chrisbell at overview.demon.co.uk
Wed Oct 3 10:34:22 UTC 2007


On Wed 03 Oct, Jason Clifford wrote:
> 
> On Wed, 2007-10-03 at 09:51 +0100, Martin A. Brooks wrote:
> > HSBC's online business banking _used_ to be IE only, due to them using a 
> > single ActiveX control that counted down from 10 to zero before before 
> > requesting a file certificate file from the upstream server.  As near as 
> > I can work out, the 10 second delay was to give the server more time to 
> > generate the certificate.
> 
> I know. When I first tried to register for it (about 3 years ago) I
> failed for that reason. At the time I complained explaining to my branch
> manager that the system was horribly insecure and slow. She noted my
> complaint and reported it upstream.
> 
> Early this year I had a meeting with a new business accounts manager at
> the branch and she explained they have a new system in place. Now
> authentication is 2 fold - a password and a 6 digit code generated by a
> keyfob which is valid for 1 minute.
> 
> It works nicely and is platform independent - all I need is a browser
> that supports ssl.
> 
> Jason
> 

   I saw a report that a bank in north west Europe / Scandinavia had been
hit by a worm that waited until a user had logged in to their account using
just such a system, and made its own transfers while the link was still open
but the user had finished.

-- 
Chris Bell NEW alternative address: chrisbell at chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list