Online Bank Security - BROKEN !?!?!
-
Interesting. http://www.youtube.com/watch?v=0SgGMj3Mf88&t=3m14s
Collect your reward :j
V0xOT09PV1RFR0FFTUNFQkUyRURFVU5VQU9JQUNSTU9JMFIxTE9ZUllSWUJOSEtQRURTWCU=0 -
6 6 6 has been given internet access again. Can't last very long until they get banned again.
-
If Mr Cameron gets his way there will soon be a mandatory backdoor into all of these protocols anyway, so the existence of other backdoors and vulnerabilities will be somewhat academic.
-
If Mr Cameron gets his way there will soon be a mandatory backdoor into all of these protocols anyway, so the existence of other backdoors and vulnerabilities will be somewhat academic.
If that happens then say goodbye to legit private encryption. Secure backdoors are impossible! But the stupid politicians don't understand tech security so the only real security will be pushed underground.
-
Banks know that the weakest link is the users (falling for phishing or malware) rather than the technology. Quite a few return RC4 ciphers as item 1 in their priority list during the HTTPS negotiation even though they also support stronger ciphers. I don't think users need to worry too much about this as the resources needed to get the encrypted data stream and decrypt it are beyond the scammer's capabilities at the moment.
I expect the banks will act quickly to fix their poorer technology if there is ever a major hack attributed to a weaker cipher.
-
Banks know that the weakest link is the users (falling for phishing or malware) rather than the technology. Quite a few return RC4 ciphers as item 1 in their priority list during the HTTPS negotiation even though they also support stronger ciphers.
The problems really arise, particularly with the new Logjam threat, where a man in the middle meddles with the cipher suite list offered by the user, so that only weak options are sent, forcing the server to choose one of these if it happens to support it. Some of these certainly are within the means of an attacker to break.
I think the lack of support for the more modern protocols and ciphers is indicative of a lack of diligence on the part of the banks. Nobody can use these secure protocols if the banks don't support them. However, it is the responsibility of banks to refund customers in cases of fraud where the customer has not been negligent, so it is up to them how much they want to do to stem those costs. I certainly agree there is much lower-hanging fruit.
-
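Added example, not part of any post in this thread: a small Python model of the server-side cipher selection the two posts above describe, with an audit that flags a server which prefers a weak suite or which would still complete a handshake when only weak suites are offered. The suite names are real IANA names; the server configurations and client offers are constructed, and the model covers only the selection step, not the rest of the TLS handshake.

```python
# Constructed sample data; only the cipher-selection step of a handshake is modelled.
WEAK_MARKERS = ("_RC4_", "_EXPORT_", "_DES40_", "_NULL_")

GCM = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
CBC = "TLS_RSA_WITH_AES_128_CBC_SHA"
RC4 = "TLS_RSA_WITH_RC4_128_SHA"
EXPORT = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"

MODERN_CLIENT = [GCM, CBC, RC4]      # a client that still offers RC4 as a fallback
WEAK_ONLY_OFFER = [RC4, EXPORT]      # an offer list with every strong suite stripped

SERVERS = {                          # hypothetical server preference lists
    "rc4-first": [RC4, GCM, CBC],
    "strong-first-weak-enabled": [GCM, CBC, EXPORT],
    "hardened": [GCM, CBC],
}

def is_weak(suite):
    return any(marker in suite for marker in WEAK_MARKERS)

def negotiate(server_pref, client_offer, honor_server_order=True):
    """Return the suite that would be selected, or None if there is no overlap."""
    if honor_server_order:
        primary, other = server_pref, client_offer
    else:
        primary, other = client_offer, server_pref
    allowed = set(other)
    for suite in primary:
        if suite in allowed:
            return suite
    return None                      # handshake fails: no common suite

def audit(server_pref):
    """List the findings for one server preference list."""
    findings = []
    chosen = negotiate(server_pref, MODERN_CLIENT)
    if chosen is not None and is_weak(chosen):
        findings.append(f"prefers weak suite {chosen} over stronger shared suites")
    fallback = negotiate(server_pref, WEAK_ONLY_OFFER)
    if fallback is not None:
        findings.append(f"accepts a weak-only offer with {fallback}")
    return findings

if __name__ == "__main__":
    for name, pref in SERVERS.items():
        print(name, "->", audit(pref) or "no findings")
```

The hardened configuration fails the handshake on a weak-only offer instead of falling back, which is why removing weak suites from the server matters more than reordering them.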
https://drownattack.com
TL;DR
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
Collect your reward :j
V0xOT09PV1RFR0FFTUNFQkUyRURFVU5VQU9JQUNSTU9JMFIxTE9ZUllSWUJOSEtQRURTWCU=0 -
Please don't shout :(
-
Coming to this thread a little late - another one for the Ignore List :j
The questions that get the best answers are the questions that give most detail....
This discussion has been closed.