How to choose a safe bank
Because I can't go around legally pentesting every major US bank in my area, how do you guys go about choosing one, especially if you're going to use online banking? This one bank I was with had a maximum password character limit that was pretty low...but I closed that account because of financial disputes with the bank though.
First of all, an online transactional system should be standards compliant, which means no matter which browser you use, it just works.
Dunno about the USA, but in Poland there are banks where the transactional system works only with IE, some even force you to install a separate certificate, so you are able to use that online system only from one computer*, pretty useless for an ONLINE account, some even require you to sign with your own blood.
[*] unless you install that certificate into Windows on VirtualBox and keep that image with you on the flash pendrive.
__________________
religions, worst damnation of mankind "If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”. vermaden's: links resources deviantart spreadbsd
Banks in the Netherlands require a login name and password, but for doing transactions most banks require an additional confirmation.

Giro/ING sends you a codesheet with 100 numbered codes. Each time you actually do a transaction they ask you to enter one of these codes: "Please enter code# 34". Instead of the code you can also ask them to send such a new transaction confirmation code to your mobile phone via SMS.

ABN-AMRO uses a kind of calculator. Their site shows some digits as a challenge to enter on the calculator. The calculator processes the challenge and shows a code you have to enter to confirm the transaction.

As long as you keep your codesheet safe and don't lend your calculator to somebody else, nobody can transfer money out of your account.

@Vermaden, both French and German governments advised people, for security reasons, not to use Internet Explorer anymore. Tell your bank
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
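The two confirmation schemes described in the post above (a numbered codesheet and a challenge-response calculator), as an added example that is not part of the original thread. The banks' real algorithms are not given on this page: HMAC-SHA256 truncated to 8 digits, the 6-digit sheet codes, and all class and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def make_codesheet(n=100, digits=6):
    """Bank side: n numbered one-time codes, printed and mailed to the customer."""
    return {i: f"{secrets.randbelow(10**digits):0{digits}d}" for i in range(1, n + 1)}


class CodesheetVerifier:
    """Accept each numbered code once, and only for the index the bank asked for."""

    def __init__(self, sheet):
        self._unused = dict(sheet)
        self._pending = None

    def ask(self):
        # "Please enter code# 34": pick an index that has not been used yet.
        self._pending = secrets.choice(sorted(self._unused))
        return self._pending

    def confirm(self, code):
        index, self._pending = self._pending, None
        if index is None:
            return False  # no outstanding request, so nothing to confirm
        # The code is burned whether or not the answer is right (assumed policy),
        # so a captured or guessed code cannot be tried against the same index.
        expected = self._unused.pop(index)
        return hmac.compare_digest(expected, code)


def calculator_response(device_key, challenge, digits=8):
    """Token side: turn the digits shown on the site into a confirmation code."""
    mac = hmac.new(device_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**digits:0{digits}d}"


def bank_check(device_key, challenge, response):
    """Bank side: recompute with the key registered for this account's device."""
    expected = calculator_response(device_key, challenge)
    return hmac.compare_digest(expected, response)
```

In both schemes the login password alone is not enough to move money: the codesheet holds secrets that are each valid once, and the calculator's answer depends on a key that never leaves the device.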
I do not use a bank that requires IE or spreads certificates, so I would be able to use it only at one location.

My bank uses https/xhtml 1.0 for the online transactional system, you log in with id and password, but if you want to do some operations, you will have to enter another code provided by the SMS service on the phone, of course a new SMS/code for each transaction. Simple and secure.

... and my account is free, I do not pay for anything (monthly fees/fee per transfer/etc).
Indeed, at work we have one of those Rabobank calculators and everyone uses it.
Nice pictures btw
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
I was not referring to the calculators where you have to slot in your bank/ATM card, those are the new ones.

In 1990, when my wife and I set up a subsidiary of a Taiwanese company in Holland, ABN (yes, before the merge with AMRO) had a calculator that could read a kind of flashing bar code from your monitor. You had to hold the calculator against the monitor for a few seconds, then it would display a code you had to type in. It also gave a numerical stimulus as an alternative, in case for some reason the calculator couldn't read the code from the monitor.

That was twenty years ago, before the Internet became popular and you had to use a 1200 or 2400 baud modem to do your 'telebanking' with a viditel emulator. Probably most of you were still in primary school at that time.

Those calculators were somehow tied to a certain number of bank accounts. Some time later, we did telebanking for two other companies, and you really had to use the correct calculator. Else it just didn't work.
SHEESH J65nko, that was a good bank. Doing that kind of stuff back in them days is really a surprise, but I guess some folks do try and get it right.
(and people say I am paranoid... lol)
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Good banks have a strict separation between front office and back office and are really paranoid.
For a long time if you wanted to do "internet" banking with the Dutch Rabobank, you had to dial in with a POTS modem to their private TCP/IP network.