[AusNOG] AU Major Banks and SHA-1

Paul Gear ausnog at libertysys.com.au
Fri Jun 26 09:43:17 EST 2015


You say that as if keystroke logging trojans can't also do
mouse-click-with-screen-grab logging...

Floating virtual keyboards are security theatre, nothing more.

On 26/06/15 08:30, Ivan Jukic wrote:
> Granted it uses 6 digits, silly I know in the conventional sense.
> However, correct me if I am wrong. You need to enter the password
> using a floating virtual keyboard. So keystroke logging and brute
> force/dictionary attacks should not be an issue...
>
> On 26 June 2015 at 08:23, Scott Howard <scott at doc.net.au
> <mailto:scott at doc.net.au>> wrote:
>
>     You forgot to mention :
>
>     Westpac - maximum 6 digit passwords for Internet Banking. No
>     special characters allowed.  No upper/lower case distinction. (But
>     at least it's better than their 3 digit phone PINs)
>
>     SSL is pretty much the least of Westpac's problem when it comes to
>     Internet Banking security...
>
>       Scott
>
>     ...
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150626/32393aef/attachment.html>


More information about the AusNOG mailing list