I recommend analyzing online banking fraud based on the types of attacks: stolen credentials, man-in-the-middle, and malware/man-in-the-browser, and how authentication can thwart them: two-factor authentication for sessions, mutual authentication to prevent MITM, and transaction authentication for MitB. I wrote an article about this in 2006: http://www.bankinfosecurity.com/articles.php?art_id=115&pg=1 and I wrote a doc tutorial on mutual HTTPS authentication: http://www.howtoforge.com/prevent_phishing_with_mutual_authentication. EV certs are of little additional value for many of the same reasons that standard SSL is of little value: no one knows how to validate a certificate and the UI cannot be trusted. Using images is of no value and makes for a really annoying user experience.

While SMS is better than static passwords, you are then relying on the security of the cell carriers. However, since they have so many users and increasing the security of their systems means more helpdesk calls, incentives are not aligned. Also, please reference the latest snafu with the iPad email addresses where even basic security principles were not followed.

Banks need to get serious about designing systems and/or using vendors that base their architecture on solid security principles and follow standard encryption techniques rather than marketecture with an eye towards meeting minimum compliance standards.
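The transaction authentication the answer recommends against man-in-the-browser can be illustrated with a small model, added here as an example that is not part of the answer or of any bank's product. It assumes a per-user device key shared between the bank and an out-of-band signing device, and constructed payee/amount values; the code the device computes is bound to the transaction fields the user sees, so a browser-side rewrite of the payee after approval fails verification.

```python
import hmac
import hashlib


def canonical_transaction(payee_account: str, amount_cents: int, nonce: str) -> bytes:
    """Unambiguous encoding of exactly the fields the user verifies out of band."""
    return f"{payee_account}|{amount_cents}|{nonce}".encode()


def device_sign(device_key: bytes, payee_account: str, amount_cents: int, nonce: str) -> str:
    """Models the user's token: HMAC over the displayed fields, truncated to an 8-digit code."""
    mac = hmac.new(device_key, canonical_transaction(payee_account, amount_cents, nonce),
                   hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 100_000_000).zfill(8)


def server_verify(device_key: bytes, submitted_payee: str, submitted_amount: int,
                  nonce: str, code: str) -> bool:
    """Bank side: recompute the code from the fields actually submitted by the browser."""
    expected = device_sign(device_key, submitted_payee, submitted_amount, nonce)
    return hmac.compare_digest(expected, code)


def mitb_scenario(device_key: bytes, nonce: str):
    """Returns (honest_result, tampered_result) for one constructed transfer."""
    # The user reads these fields on the device and approves them.
    approved_payee, approved_amount = "DE00 1234 5678 9012", 12_500
    code = device_sign(device_key, approved_payee, approved_amount, nonce)
    # Untampered submission: browser sends what the user approved.
    honest = server_verify(device_key, approved_payee, approved_amount, nonce, code)
    # Malware in the browser rewrites the payee after approval but reuses the code.
    tampered = server_verify(device_key, "DE99 0000 ATTACKER 01", approved_amount, nonce, code)
    return honest, tampered


if __name__ == "__main__":
    # Constructed key and nonce; a real deployment would provision the key per device.
    print(mitb_scenario(b"constructed-device-key", "nonce-0001"))
```

The nonce is issued by the bank per transaction so a captured code cannot be replayed against a later transfer with the same payee and amount.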