Re: Re (2): Multiplicity of accounts.
On Sat, Oct 5, 2013 at 10:56 AM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
> On 10/4/2013 9:25 PM, Joel Rees wrote:
>>
>> Not top posting, just prefacing my comments:
>>
>> Are we trying to educate the list in cracking techniques or in ways to
>> manage and mitigate the vulnerabilities?
>>
>> On Fri, Oct 4, 2013 at 10:36 PM, Jerry Stuckle <jstuckle@attglobal.net>
>> wrote:
>>>
>>>
>>> On 10/4/2013 5:10 AM, Joel Rees wrote:
>>>>
>>>> Should I add to the confusion?
>>>>
>>>> On Thu, Oct 3, 2013 at 10:27 PM, Jerry Stuckle <jstuckle@attglobal.net>
>>>> wrote:
>>>>>
>>>>> On 10/3/2013 8:45 AM, Joel Rees wrote:
>>>>>>
>>>>>>
>>>>>> On Thu, Oct 3, 2013 at 1:53 AM, Jerry Stuckle <jstuckle@attglobal.net>
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 10/2/2013 12:24 PM, peasthope@shaw.ca wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> From: Joel Rees <joel.rees@gmail.com>
>>>>>>>> Date: Wed, 2 Oct 2013 15:30:26 +0900
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> [...]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>> And accessing your bank logged in as the same user that you use to
>>>>>>>>> surf random sites is one of the primary causes of leaked bank
>>>>>>>>> account
>>>>>>>>> numbers and passwords.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> The banking information is stored in a cookie. Subsequently a site
>>>>>>>> other
>>>>>>>> than the bank is allowed to read the cookie? A failure of the
>>>>>>>> browser.
>>>>>>>> Correct? Prior to studying this thoroughly, I might stick to
>>>>>>>> personal
>>>>>>>> banking.
>>>>>>>>
>>>>>>>
>>>>>>> Not if your browser is working properly. Cookies can only be sent to
>>>>>>> the
>>>>>>> domain which originated them (and, depending on the cookie options,
>>>>>>> subdomains of the main domain).
>>>>>>
>>>>>>
>>>>>>
>>>>>> subdomains.
>>>>>>
>>>>>> And too many places, bank sites included, outsource parts of their
>>>>>> sites. Particularly ad-related stuff.
>>>>>>
>>>>>
>>>>> It doesn't matter if they outsource parts of their sites. Those
>>>>> outsourced
>>>>> sites will have different domains, and the cookies cannot be sent to
>>>>> them.
>>>>
>>>>
>>>> You must be looking at the page source code of different banks than I
>>>> am.
>>>>
>>> What banks do you know outsource subdomains to someone else?
>>
>>
>> Exposure here would only motivate the banks if they were reading this
>> mailing list.
>>
>> Exposure here would only warn their customers if their customers, or
>> even their customers' friends, were reading this mailing list.
>>
>> I don't think it would be responsible to name names here, do you?
>>
>> However, for users of this list, trying to manage the vulnerabilities
>> they expose themselves to, the odds that your bank is using known
>> vulnerable techniques are high enough that you need to take some
>> effort to limit your own exposure.
>>
>
> If there were ANY bank which had to read this list to find out they were
> exposed, they need a new IT department.
>
> I don't know about where you are - but here in the United States, they
> wouldn't get very far. There are many layers of regulations and protections
> regarding banking security. And any bank which had such security exposures
> as you claim would not be allowed to continue operations.
>
> And no, I am VERY confident ANY bank I have dealt with knows how to manage
> vulnerabilities. What makes you think otherwise?

Hmm. How does one answer such a riff?

https://www.google.co.jp/#q=us+bank+vulnerability

and

https://www.google.co.jp/#q=bank+information+technology+incompetent

The results of that second search would be quite amusing in some sort
of slapstick comedy, although some do include language that would not
be approved here. And I am sure the individuals blogging their
experiences were not amused.

And then I had a "flash" of insight:

>>> [...]
> HTML is a scripting language. Nothing more, nothing less. [...]
>>> [...]

I've had managers who couldn't tell the difference between a markup
language and a scripting language, but I'm sure you can.

You're just playing with me. Thanks anyway, Jerry, but I really do
have homework to do today.

--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
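
The cookie scoping rule argued over in the quoted text above (a cookie returns to the host that set it and, depending on its Domain option, to subdomains), modelled after RFC 6265 domain matching. This is an added example, not part of any poster's message; the host names are constructed and the function names are hypothetical, and the model leaves out the public-suffix check and the Path, Secure and expiry attributes.

```javascript
// Domain matching from RFC 6265 section 5.1.3 (simplified: no public-suffix
// list, no Path/Secure/expiry handling). All host names are constructed.
function isIp(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // Suffix match only on a label boundary, and never for IP addresses.
  return !isIp(host) && host.endsWith("." + cookieDomain);
}

// Model what the browser stores when `setterHost` sends Set-Cookie.
// domainAttr is the Domain attribute value, or null when it is absent.
function storeCookie(setterHost, domainAttr) {
  if (domainAttr === null || domainAttr === "") {
    return { domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set cookies for its own host or a parent domain.
  if (!domainMatch(setterHost, domain)) return null; // rejected
  return { domain, hostOnly: false };
}

function wouldSend(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

function demo() {
  const hosts = ["www.bank.example", "ads.bank.example",
                 "bank.example.adnetwork.example", "notbank.example"];
  const hostOnly = storeCookie("www.bank.example", null);
  const wide = storeCookie("www.bank.example", "bank.example");
  const foreign = storeCookie("www.bank.example", "adnetwork.example");
  return hosts.map((h) => ({
    host: h,
    hostOnly: wouldSend(hostOnly, h),
    domainWide: wouldSend(wide, h),
    foreign: wouldSend(foreign, h),
  }));
}

console.table(demo());
```

A cookie set without a Domain attribute stays with the exact host, while `Domain=bank.example` widens it to every host under that name, whoever operates it.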