[AusNOG] AU Major Banks and SHA-1

Tom Storey tom at snnap.net
Thu Jul 2 03:05:57 EST 2015


It also moves around the screen* so you can't even record macros to
repeat mouse input later on.

* either per "key press" or when it first appears, been a while since
I used it, but I did notice that.

On 25 June 2015 at 23:30, Ivan Jukic <ijukic13 at gmail.com> wrote:
> Granted it uses 6 digits, silly I know in the conventional sense. However,
> correct me if I am wrong. You need to enter the password using a floating
> virtual keyboard. So keystroke logging and brute force/dictionary attacks
> should not be an issue...
>
> On 26 June 2015 at 08:23, Scott Howard <scott at doc.net.au> wrote:
>>
>> You forgot to mention:
>>
>> Westpac - maximum 6 digit passwords for Internet Banking. No special
>> characters allowed.  No upper/lower case distinction. (But at least it's
>> better than their 3 digit phone PINs)
>>
>> SSL is pretty much the least of Westpac's problem when it comes to
>> Internet Banking security...
>>
>>   Scott
>>
>>
>>
>> On Thu, Jun 25, 2015 at 3:14 PM, Matthew Moyle-Croft <mmc at mmc.com.au>
>> wrote:
>>>
>>> We've all been distracted by the large scale crazy of site blocking, meta
>>> data retention and whatever else the Australian Government is doing.
>>>
>>> But need to focus on some basics:
>>>
>>> SHA-1 is on its way out (see
>>> http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html).
>>>
>>> Friend got a warning for his bank (not Australian) from Chrome about bad
>>> SSL configs, so I went and had a quick look at the big 4 banks in Australia
>>> to see what's up.
>>>
>>> Commbank - got it right - no SHA-1 for home page or Internet Banking, no
>>> TLS 1.0
>>> ANZ - no SSL on home page, TLS 1.0 and SHA-1 for internet banking (oh
>>> boy!)
>>> NAB -  no SSL on home page, TLS 1.2 and SHA-1 for internet banking
>>> Westpac - no SSL on home page, TLS 1.2 and SHA-1 for internet banking
>>>
>>> Anyone here who can influence good internet crypto for the 3 that aren't
>>> quite there?
>>>
>>> MMC
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>
>

