Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Home-Banking PEN-TESTING
From: Nexus <nexus () PATROL I-WAY CO UK>
Date: Fri, 1 Sep 2000 16:33:41 +0100

----- Original Message -----
From: Domenico De Vitto <dom () DEVITTO DEMON CO UK>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Thursday, August 31, 2000 8:02 PM
Subject: Re: Home-Banking PEN-TESTING

[snip]
Stuff like (encrypted) pages being stored in the cache, and so available
to any/all users of the same computer are often considered by the press
to be breaches in security, but fundamentally you must look at the
comparitive risk - do you use your credit card in resturants?
[snip]
Bearing in mind the possible vulnerabilities that a hostile web page can
attempt against your box via the browser, cookies or cached pages may be an
issue.
Yes, it is a question of risk mitigation and acceptance, I will use a credit
card in a restaurant but I won't post it to a noticeboard ;-)
In certain enviroments, gaining physical access to a computer is fairly
straightforward - how many times have you seen people conduct similar style
transactions in internet cafe's or other public area's ?

Not that I'm paranoid or anything ;-)

Regards,
            JJ


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]