DaemonForums  

  #1   (View Single Post)  
Old 19th January 2010
guitarscn guitarscn is offline
Package Pilot
 
Join Date: Oct 2008
Posts: 166
Thanked 1 Time in 1 Post
Default How to choose a safe bank

Because I can't go around legally pentesting every major US bank in my area, how do you guys go about choosing one, especially if you're going to use online banking? This one bank I was with had a maximum password character limit that was pretty low...but I closed that account because of financial disputes with the bank though.
  #2   (View Single Post)  
Old 19th January 2010
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,052
Thanked 118 Times in 93 Posts
Default

First of all, an online transactional system should be standards compliant, which means no matter which browser you use it just works.

Dunno about USA but in Poland there are banks where the transactional system works only for IE, some even force you to install a separate certificate, so you are able to use that online system only from one computer*, pretty useless for an ONLINE account, some even require you to sign with your own blood

[*] unless you install that certificate into Windows on VirtualBox and keep that image with you on the flash pendrive.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
  #3   (View Single Post)  
Old 19th January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default

Banks in the Netherlands require a login name and password, but for doing transactions most banks require an additional confirmation.

Giro/ING sends you a codesheet with 100 numbered codes. Each time you actually do a transaction they ask you to enter one of these codes: "Please enter code# 34."
Instead of the code you can also ask them to send such a new transaction confirmation code to your mobile phone via SMS.

ABN-AMRO uses a kind of calculator. Their site shows some digits as a challenge to enter on the calculator. The calculator processes the challenge and shows a code you have to enter to confirm the transaction.

As long as you keep your codesheet safe and don't lend your calculator to somebody else, nobody can transfer money out of your account.

@Vermaden, both French and German governments advised people, for security reasons, not to use Internet Explorer anymore. Tell your bank
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
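
The numbered code sheet described in the post above, seen from the bank's side, as an added example that is not part of the original thread. The class name `CodeSheet`, the six-digit code length and the three-failure limit are assumptions for illustration, not details of any bank's system.

```python
import hashlib
import hmac
import secrets

class CodeSheet:
    """Server-side state for one customer's sheet of numbered one-time codes."""

    def __init__(self, size=100, digits=6):  # 100 codes per sheet, as in the post
        self.salt = secrets.token_bytes(16)
        self.unused = {}     # code number -> keyed hash of the code
        self.printed = {}    # plaintext sheet; kept only so the demo can play customer
        self.pending = None  # code number the customer was last asked for
        self.failures = 0
        for number in range(1, size + 1):
            code = f"{secrets.randbelow(10 ** digits):0{digits}d}"
            self.printed[number] = code
            self.unused[number] = self._hash(number, code)

    def _hash(self, number, code):
        msg = f"{number}:{code}".encode()
        return hmac.new(self.salt, msg, hashlib.sha256).digest()

    def challenge(self):
        """Pick a random unused code number ("Please enter code# 34")."""
        if not self.unused:
            raise RuntimeError("sheet exhausted, a new one must be issued")
        if self.pending is None:  # asking again must not re-roll the number
            self.pending = secrets.choice(sorted(self.unused))
        return self.pending

    def confirm(self, code, max_failures=3):
        """Check the answer to the pending challenge; each code works once."""
        if self.pending is None or self.failures >= max_failures:
            return False
        expected = self.unused[self.pending]
        ok = hmac.compare_digest(expected, self._hash(self.pending, code))
        if ok:
            del self.unused[self.pending]  # burn the code after one use
            self.pending, self.failures = None, 0
        else:
            self.failures += 1  # the same number stays pending
        return ok
```

Keeping the same number pending until it is answered matters: if a new number were drawn on every request, someone holding a few copied codes could simply ask again until one of their numbers came up.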
  #4   (View Single Post)  
Old 20th January 2010
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,052
Thanked 118 Times in 93 Posts
Default

Quote:
Originally Posted by J65nko View Post
@Vermaden, both French and German governments advised people, for security reasons, not to use Internet Explorer anymore.
Heh, yeah, but they did that NOW, for how many years have they been quiet about all that IE shit? Most of the Polish banks offer services that are cross-browser, but there are several that still do not understand how things should be done.

Quote:
Originally Posted by J65nko View Post
Tell your bank
I do not use a bank that requires IE or spreads certificates, so I would be able to use it only at one location.

My bank uses https/xhtml 1.0 for the online transactional system, you log in with id and password, but if you want to do some operations, you will have to enter another code provided by the SMS service on the phone, of course a new SMS/code for each transaction.

Simple and secure.

... and my account is free, I do not pay for anything (monthly fees/fee per transfer/etc).
  #5   (View Single Post)  
Old 20th January 2010
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 337
Thanked 32 Times in 30 Posts
Default

Quote:
don't lend your calculator to somebody else
AFAIK, the 'code calculator' is a simple mass-produced one, not one tailor-made for your account, i.e. carrying a special chip/key or anything. They may even be completely interchangeable between banks. I borrowed a colleague's calculator once because I'd forgotten mine, and it worked just fine. I'm sure the challenge numbers produced by the bank site coupled with your PIN are unique enough to warrant processing by a non-unique calculator.
  #6   (View Single Post)  
Old 20th January 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is online now
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,069
Thanked 198 Times in 156 Posts
Default

Indeed, at work we have one of those rabobank calculators and everyone uses it.

Nice pictures btw
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
  #7   (View Single Post)  
Old 20th January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default

I was not referring to the calculators, where you have to slot in your bank/ATM card, those are the new ones.

In 1990 when my wife and I set up a subsidiary of a Taiwanese company in Holland, ABN (yes, before the merge with AMRO), had a calculator that could read a kind of flashing bar code from your monitor. You had to hold the calculator against the monitor for a few seconds, then it would display a code you had to type in.
It also gave a numerical stimulus as an alternative, in case for some reason the calculator couldn't read the code from the monitor.

That was twenty years ago, before the Internet became popular and you had to use a 1200 or 2400 baud modem to do your 'telebanking' with a viditel emulator. Probably most of you were still in primary school at that time.

Those calculators were somehow tied to a certain number of bank accounts. Some time later, we did telebanking for two other companies, and you really had to use the correct calculator. Else it just didn't work.
  #8   (View Single Post)  
Old 22nd January 2010
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

SHEESH J65nko, that was a good bank. Doing that kind of stuff back in them days is really a surprise, but I guess some folks do try and get it right.

(and people say I am paranoid... lol)
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
  #9   (View Single Post)  
Old 22nd January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default

Good banks have a strict separation between front office and back office and are really paranoid.

For a long time if you wanted to do "internet" banking with the Dutch Rabobank, you had to dial in with a POTS modem to their private TCP/IP network.