<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
ING is worse, 4 digit pin floating keyboard.<br>
<br>
Regards,<br>
Ross<br>
<br>
<div class="moz-cite-prefix">On 26/06/2015 8:30 am, Ivan Jukic
wrote:<br>
</div>
<blockquote
cite="mid:CAMUcLQjO9SxqBBsRSNfg=6hOZh040J4koCcWS1V5MXEyhHCSeQ@mail.gmail.com"
type="cite">
<div dir="ltr">Granted it uses 6 digits, silly I know in the
conventional sense. However, correct me if I am wrong. You need
to enter the password using a floating virtual keyboard. So
keystroke logging and brute force/dictionary attacks should not
be an issue...<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 26 June 2015 at 08:23, Scott Howard
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:scott@doc.net.au" target="_blank">scott@doc.net.au</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">You forgot to mention :
<div><br>
</div>
<div>Westpac - maximum 6 digit passwords for Internet
Banking. No special characters allowed. No upper/lower
case distinction. (But at least it's better than their 3
digit phone PINs)</div>
<div><br>
</div>
<div>SSL is pretty much the least of Westpac's problem
when it comes to Internet Banking security...</div>
<div><br>
</div>
<div> Scott</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div class="h5">On Thu, Jun 25, 2015 at 3:14 PM,
Matthew Moyle-Croft <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mmc@mmc.com.au" target="_blank">mmc@mmc.com.au</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class="h5">
<div dir="ltr">
<div>We've all been distracted by the large
scale crazy of site blocking, meta data
retention and whatever else the Australian
Government is doing.</div>
<div><br>
</div>
<div>But need to focus on some basics:</div>
<div><br>
</div>
<div>SHA-1 is on it's way out (see <a
moz-do-not-send="true"
href="http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html"
target="_blank">http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html</a>).<br>
</div>
<div><br>
</div>
<div>Friend got a warning for his bank (not
Australian) from Chrome about bad SSL configs,
so I went and had a quick look at the big 4
banks in Australia to see what's up.</div>
<div><br>
</div>
<div>Commbank - got it right - no SHA-1 for home
page or Internet Banking, no TLS 1.0</div>
<div>ANZ - no SSL on home page, TLS 1.0 and
SHA-1 for internet banking (oh boy!)</div>
<div>NAB - no SSL on home page, TLS 1.2 and
SHA-1 for internet banking</div>
<div>Westpac - no SSL on home page, TLS 1.2 and
SHA-1 for internet banking</div>
<div><br>
</div>
<div>Anyone here who can influence good internet
crypto for the 3 that aren't quite there? </div>
<span><font color="#888888">
<div><br>
</div>
<div>MMC</div>
</font></span></div>
<br>
</div>
</div>
_______________________________________________<br>
AusNOG mailing list<br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net"
target="_blank">AusNOG@lists.ausnog.net</a><br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Regards,
Ross Annetts</pre>
</body>
</html>