A New Age (eh?)

oldperro

redlady_1 wrote: »

Dont worry, I have just had a complete fit at NS & I on the basis that they will no longer accept just my password as ID to transfer money but I now have to answer 5 randomly generated questions. These questions were set by themselves and include nephews names (I am an only child), time my first child was born (I dont have any) etc etc and because I dont have any of those details I was unable to transfer some money, despite having the password! So then I wanted to close the account. No, they couldnt do this unless I provided them with the above information. So, from that moment on everyone was called Fred. They couldnt close the account without a phone number so I made that up too. And now my account has been closed with false information!

Redlady...you MUST appreciate that they were doing it only for your own and the nation's protection!
I mean you could have been a moneylaunderer or something....

Be thankful!

That's why these security systems are in place...

Duh...:(:(:rotfl:

bandana999

You guys might like to try Keyscrambler
http://www.qfxsoftware.com/
It works with most browsers, and encrypts keystrokes.
There's a free version, ( only works with IE, Firefox, and Flock), as well as pro and premium versions.

How KeyScrambler Works It encrypts your keystrokes at the keyboard driver level in the kernel, as they enter the computer.
It then decrypts the keystrokes at the destination application, so you see exactly the keys you've typed.
Whatever keylogger might be waiting along the path has only the encrypted keys — "scrambled" and indecipherable — to record.

samizdat

bandana999 wrote: »

You guys might like to try Keyscrambler
http://www.qfxsoftware.com/
It works with most browsers, and encrypts keystrokes.
There's a free version, ( only works with IE, Firefox, and Flock), as well as pro and premium versions.

No thanks. Closed source software granted low-level access to kernel = RED FLAG.

Also, no guarantee that keyloggers cannot interpose themselves between the kernel and this software.

At best this software will be ineffective while instilling a false sense of security, at worst it could itself be a security risk.

bandana999

samizdat wrote: »

No thanks. Closed source software granted low-level access to kernel = RED FLAG.

Also, no guarantee that keyloggers cannot interpose themselves between the kernel and this software.

At best this software will be ineffective while instilling a false sense of security, at worst it could itself be a security risk.

Thanks for your comments - I have read many tests and reviews of this app, and while it is not perfect, have never heard it accused of being a security risk in itself. Please could you tell me exactly what the risk is so I can decide whether to carry on using it.
I don't buy this "false sense of security idea". If that was the case then my AV, Firewall, Sandbox, etc, could all be derided for the same reason.

In this March 2010 test by the Malware Research Group, KeyScrambler only blocked 5 of 13 attacks - Prevx won, blocking all 13, but there's no free version.(£25 year)
http://malwareresearchgroup.com/wp-content/uploads/Sveta/2009/01/MRG-Online-Banking-Security-Test-Mar-2010.pdf

samizdat

bandana999 wrote: »

Thanks for your comments - I have read many tests and reviews of this app, and while it is not perfect, have never heard it accused of being a security risk in itself. Please could you tell me exactly what the risk is so I can decide whether to carry on using it.
I don't buy this "false sense of security idea". If that was the case then my AV, Firewall, Sandbox, etc, could all be derided for the same reason.

In this March 2010 test by the Malware Research Group, KeyScrambler only blocked 5 of 13 attacks - Prevx won, blocking all 13, but there's no free version.(£25 year)
http://malwareresearchgroup.com/wp-content/uploads/Sveta/2009/01/MRG-Online-Banking-Security-Test-Mar-2010.pdf

Well, I suppose the point is to some extent philosophical.

Kerckhoffs's principle states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Bruce Schneier, in discussing Kerckhoff's principle, has suggested that "every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility." See also this article for a fuller discussion of the issues.

I acknowledge, however, that the academic literature on the relative security of closed and open source software is not conclusive. I happen to find the arguments in favour of open source to be very persuasive.

As an aside, a score of 5 out of 13 does seem quite poor.

Incidentally, a lot of security software *is derided*, for the same reasons discussed in the linked article.

bandana999

Good old Kerckhoff :T Remember when you just went to the bank, told the clerk what you wanted, and everything was done for you. No, me neither, but I've seen it on Dad's Army.
I suspect however that in today's world, if your account passwords were hacked and you had no security software on your PC, then the banks might try to put just a little of the blame your way.
As for secrecy being the prime cause of brittleness - isn't that the whole point of pin numbers? If someone else uses your pin, you get the blame for not keeping it secret - that couldn't happen with signatures, which were never secret, just personal. Nevertheless, the banks put the onus on us to keep our pins and passwords secret.
I agree 5 out of 13 isn't brilliant, but it's just better that 0, so I think I'll carry on using it, or something similar.
Thanks:beer:

samizdat

bandana999 wrote: »

Good old Kerckhoff :T
As for secrecy being the prime cause of brittleness - isn't that the whole point of pin numbers? If someone else uses your pin, you get the blame for not keeping it secret - that couldn't happen with signatures, which were never secret, just personal. Nevertheless, the banks put the onus on us to keep our pins and passwords secret.

The pin is equivalent to the "key". Even Kerckhoff says you should keep that secret!

Also, I'm not convinced that 5 out of 13 is better than 0 out of 13. An analogy might be if you were about to be given 13 different types of lethal injection and someone suggested you take an antidote that was effective against 5 of them. Would you bother?

bandana999

samizdat wrote: »

The pin is equivalent to the "key". Even Kerckhoff says you should keep that secret!

Also, I'm not convinced that 5 out of 13 is better than 0 out of 13. An analogy might be if you were about to be given 13 different types of lethal injection and someone suggested you take an antidote that was effective against 5 of them. Would you bother?

Yes, because actually you would be very unlucky to get all 13. If you had protection for none of them then you would definitely die - some protection at least gives you a chance. Don't forget all the other "antidotes" you should have on your PC . Maybe you could also take some care not to visit such dangerous places late at night.:p
Even Domestos only kills 99% of household germs - would you not use it because you might have the 1% it doesn't kill?

Of course you should try to keep your pin secret, but with even Tesco having hacked chip and pin terminals on some supermarket checkouts, that is impossible to guarantee .... and my point was that unlike signatures, PIN numbers can be disclosed or stolen and entered by anyone, and that suits the banks, who can accuse you of revealing your PIN. So where there was no need for secrecy now there is, and the banks introduced that for their benefit, not ours..

samizdat

bandana999 wrote: »

Yes, because actually you would be very unlucky to get all 13.

Well, you would only have to receive a maximum of 6 to guarantee a bad outcome. Also, if your machine is exposed to infection by a keylogger of any kind, chances are that it is exposed to infection by keyloggers of many kinds.

oldperro

Just to round this off....

Well, I eventually got myself a Photo Driving Licence using a Birth Certificate and Marriage Licence ( by post thankfully, since I didn't really have the time to go down to Swansea in person. )

I had volunteered to send these (and more) to the Santander office, but they said that would not be possible "since I could be anybody" and would have to come in person and that these documents may not be suitable.

Anyway, I travelled all the way into town and went into the Santander office.

Obviously, they were just local staff there just doing a job of work, so I had no intention of making their day any harder, so I had no ill feelings about my past frustrations and of course, treated them with civility.

I explained to the girl that my account had been blocked when I had attempted to move my old B&B ISA to a better interest rate Santander one.

She said that would be no problem now and did I have proof of identity.

I flashed the Photo Licence and that was fine.

I asked if I could operate the new account by phone or Internet and was told, yes that would be no problem and that I would be sent a card which I could use in an ATM.

I asked what would be the situation if I wanted a cheque of say £1000 or £2000 sent to me at my home address, since I tend just to use my normal bank current account for regular stuff and Building Society accounts for bigger, occasional things.

That would NOT be possible, I was told...and indeed would have to come into town again and present myself in person at a branch and with suitable identification.

I had to say that I was sorry, but all my other transactions are carried out without a problem using the Internet or phone and just to close the account and issue me with a cheque as I don't have the time to comply with Santander's rules.

So I left with the cheque.

Strange outfit is Santander..