Not top posting, just prefacing my comments:
Are we trying to educate the list in cracking techniques or in ways to
manage and mitigate the vulnerabilities?
On Fri, Oct 4, 2013 at 10:36 PM, Jerry Stuckle <jstuckle@attglobal.net>
wrote:
On 10/4/2013 5:10 AM, Joel Rees wrote:
Should I add to the confusion?
On Thu, Oct 3, 2013 at 10:27 PM, Jerry Stuckle <jstuckle@attglobal.net>
wrote:
On 10/3/2013 8:45 AM, Joel Rees wrote:
On Thu, Oct 3, 2013 at 1:53 AM, Jerry Stuckle <jstuckle@attglobal.net>
wrote:
On 10/2/2013 12:24 PM, peasthope@shaw.ca wrote:
From: Joel Rees <joel.rees@gmail.com>
Date: Wed, 2 Oct 2013 15:30:26 +0900
[...]
And accessing your bank logged in as the same user that you use to
surf random sites is one of the primary causes of leaked bank account
numbers and passwords.
The banking information is stored in a cookie. Subsequently a site other
than the bank is allowed to read the cookie? A failure of the browser.
Correct? Prior to studying this thoroughly, I might stick to personal
banking.
Not if your browser is working properly. Cookies can only be sent to the
domain which originated them (and, depending on the cookie options,
subdomains of the main domain).
subdomains.
And too many places, bank sites included, outsource parts of their
sites. Particularly ad-related stuff.
It doesn't matter if they outsource parts of their sites. Those outsourced
sites will have different domains, and the cookies cannot be sent to them.
You must be looking at the page source code of different banks than I am.
What banks do you know outsource subdomains to someone else?
Exposure here would only motivate the banks if they were reading this
mailing list.
Exposure here would only warn their customers if their customers, or
even their customers' friends, were reading this mailing list.
I don't think it would be responsible to name names here, do you?
However, for users of this list, trying to manage the vulnerabilities
they expose themselves to, the odds that your bank is using known
vulnerable techniques are high enough that you need to take some
effort to limit your own exposure.
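
Added example, not part of the thread: a small model of the cookie scoping rule the messages above argue about (RFC 6265 domain matching), showing which hosts receive a host-only cookie versus one set with a Domain attribute. All host names and cookie names are constructed, and `ads.bank.example` stands in for a hypothetical subdomain operated by a third party.

```javascript
// Cookie scoping per RFC 6265 (sections 5.1.3, 5.3 and 5.4), simplified.
// Not modeled: Path, Secure, SameSite, and the public-suffix check browsers apply.

// Domain-match: the host is identical to the domain, or ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Model how a browser stores a cookie received from originHost.
// Returns null when the Domain attribute does not cover the setting host.
function storeCookie(originHost, name, domainAttr) {
  if (!domainAttr) {
    return { name, domain: originHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (!domainMatch(originHost, domain)) return null; // foreign domain: rejected
  return { name, domain, hostOnly: false };
}

// Would the browser attach this cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// List every (cookie, host) pair where the cookie would be sent.
function audit(cookies, hosts) {
  const rows = [];
  for (const c of cookies)
    for (const h of hosts)
      if (isSentTo(c, h)) rows.push(`${c.name} -> ${h}`);
  return rows;
}

// Constructed sample: two cookies set by www.bank.example.
const jar = [
  storeCookie("www.bank.example", "session_hostonly", undefined),
  storeCookie("www.bank.example", "session_wide", "bank.example"),
];
const hosts = ["www.bank.example", "ads.bank.example",
               "adnetwork.example", "evilbank.example"];
console.log(audit(jar, hosts).join("\n"));
```

A cookie set without a Domain attribute stays host-only, so it is never sent to sibling subdomains; a separately registered domain never receives either cookie.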