[Gllug] Linux online banking yet again,
Chris Bell
chrisbell at overview.demon.co.uk
Wed Oct 3 10:34:22 UTC 2007
On Wed 03 Oct, Jason Clifford wrote:
>
> On Wed, 2007-10-03 at 09:51 +0100, Martin A. Brooks wrote:
> > HSBC's online business banking _used_ to be IE only, due to them using a
> > single ActiveX control that counted down from 10 to zero before before
> > requesting a file certificate file from the upstream server. As near as
> > I can work out, the 10 second delay was to give the server more time to
> > generate the certificate.
>
> I know. When I first tried to register for it (about 3 years ago) I
> failed for that reason. At the time I complained explaining to my branch
> manager that the system was horribly insecure and slow. She noted my
> complaint and reported it upstream.
>
> Early this year I had a meeting with a new business accounts manager at
> the branch and she explained they have a new system in place. Now
> authentication is 2 fold - a password and a 6 digit code generated by a
> keyfob which is valid for 1 minute.
>
> It works nicely and is platform independent - all I need is a browser
> that supports ssl.
>
> Jason
>
I saw a report that a bank in north west Europe / Scandinavia had been
hit by a worm that waited until a user had logged in to their account using
just such a system, and made its own transfers while the link was still open
but the user had finished.
--
Chris Bell NEW alternative address: chrisbell at chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list