[AusNOG] AU Major Banks and SHA-1

Scott Howard scott at doc.net.au
Thu Jul 2 03:41:07 EST 2015


On Wed, Jul 1, 2015 at 10:05 AM, Tom Storey <tom at snnap.net> wrote:

> It also moves around the screen* so you can't even record macros to
> repeat mouse input later on.
>
> * either per "key press" or when it first appears, been a while since
> I used it, but I did notice that.
>

Exactly!!  There's absolutely no way that hackers will be able to work out
a way around that!!!

Until about a year ago I used to work in the web security space.

One particular Europe-based bank I spoke with about 2 years ago had gone
the whole hog as far as security was concerned for their business banking
customers, including smart card authentication for all of their business
banking customers, and a number of other best-of-breed security features.
At the time they were of the opinion that their system could not be
compromised, and indeed their fraud levels were basically zero - certainly
lower than any other bank I've ever spoken with.

I spoke with them about a year later, and they admitted that they were now
seeing fraudulent transactions.  The hackers had worked out a way to bypass
all of their controls - including the smart-card authentication and
transaction signing.  They explained to me how it was occurring, and whilst
I obviously can't repeat what I was told I can say that it was extremely
ingenious, and would have involved some very smart people to actually pull
off.

So yeah, floating keyboards for security?  I don't really think so...

  Scott