[AusNOG] AU Major Banks and SHA-1
Paul Gear
ausnog at libertysys.com.au
Fri Jun 26 09:43:17 EST 2015
You say that as if keystroke logging trojans can't also do
mouse-click-with-screen-grab logging...
Floating virtual keyboards are security theatre, nothing more.
On 26/06/15 08:30, Ivan Jukic wrote:
> Granted it uses 6 digits, silly I know in the conventional sense.
> However, correct me if I am wrong. You need to enter the password
> using a floating virtual keyboard. So keystroke logging and brute
> force/dictionary attacks should not be an issue...
>
> On 26 June 2015 at 08:23, Scott Howard <scott at doc.net.au
> <mailto:scott at doc.net.au>> wrote:
>
> You forgot to mention :
>
> Westpac - maximum 6 digit passwords for Internet Banking. No
> special characters allowed. No upper/lower case distinction. (But
> at least it's better than their 3 digit phone PINs)
>
> SSL is pretty much the least of Westpac's problem when it comes to
> Internet Banking security...
>
> Scott
>
> ...
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150626/32393aef/attachment.html>
More information about the AusNOG
mailing list