Home page logo
/

basics logo Security Basics mailing list archives

Re: Bank Of Montreal Online Security
From: Davin Enigl <davinenigl () comcast net>
Date: Sat, 03 Nov 2012 18:50:57 -0700



On 11/02/2012 12:07 PM, Mikhail A. Utin wrote:
Hello,
Frankly, considering usual number of a bank customers, which could be up to 10 million, using anything better than a 
user name and a password create a technical problem for IT, meaning finally money. Breaking in bank's accounts and 
stealing information is relativily rare. I do remember they replaced my credit cards twice during twenty years. I 
have accounts with 5 major banks, so see the statistics. I would believe that it is much cheaper for a bank fixing 
accounts, replacing cards, etc. than keeping on-line complex authentication system.
RBS Citizens uses as well an image associated with an account that adds some security value. 
Regards

Mikhail utin, CISSP

Rare? You have got to be kidding. You are a CISSP?

 --Fourteen Charges in Precision Cyberheist Case
(October 30, 31 & November 1, 2012)
Fourteen people have been charged in connection with a coordinated
cyberheist that netted thieves more than US $1 million through
cash-advance kiosks at casinos in Nevada and California. The scheme
exploited a flaw in Citibank's system that is supposed to prevent
checking accounts from being overdrawn and involved making a coordinated
series of withdrawals from accounts in a brief window of time.
Ringleader Ara Keshishyan faces up to 30 years in prison and a fine of
US $1 million. The others face prison sentences of up to five years and
US $250,000 fines.
http://www.zdnet.com/fbi-catches-gone-in-60-seconds-bank-fraudsters-7000006719/
http://www.informationweek.com/security/attacks/60-second-cash-kiosk-hackers-steal-1-mil/240012604?cid=InformationWeek-Twitter
http://arstechnica.com/security/2012/10/atm-heist-clears-1-million-exploiting-citigroup-e-payment-flaw/
https://www.fbi.gov/sandiego/press-releases/2012/fourteen-charged-in-million-dollar-gone-in-60-seconds-bank-fraud

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]