Security Basics mailing list archives
Re: Bank Of Montreal Online Security
From: Alexander Meesters <a.meesters () sansyl com>
Date: Tue, 30 Oct 2012 12:55:47 +0100 (CET)
i dont think brute-force is the issue here, most likely a attack on such a system would be by sql-injection, once they have the credentials its easy enough to utilize rainbow tables in order to get a useable password. although its unlikely a bank would use a unsave hashing algorithm like md5 or sha1, the rainbow tables available today for those algorithms are up to 12 characters in length. IMHO they, and for that matter, everybody are far better off using pass-phrases, for example:"i do not like waffles", or "my 2 grand kids are awesome!" its both easy memorable and though to crack, and far exceeds any available rainbow table out there! just my 2 cents, Alex ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Bank Of Montreal Online Security mrtolton (Oct 29)
- RE: Bank Of Montreal Online Security Trey Keifer (Oct 29)
- RE: Bank Of Montreal Online Security Alexander A. Kelner (Oct 30)
- RE: Bank Of Montreal Online Security Dave Kleiman (Oct 31)
- RE: Bank Of Montreal Online Security Alexander A. Kelner (Oct 31)
- RE: Bank Of Montreal Online Security Alexander A. Kelner (Oct 30)
- RE: Bank Of Montreal Online Security Trey Keifer (Oct 29)
- <Possible follow-ups>
- Re: Bank Of Montreal Online Security hankveins (Oct 30)
- Re: Bank Of Montreal Online Security Davin Enigl (Oct 30)
- Re: Bank Of Montreal Online Security Alexander Meesters (Oct 30)
- Re: Bank Of Montreal Online Security Davin Enigl (Oct 30)
- Re: Bank Of Montreal Online Security Davin Enigl (Oct 30)
- RE: Bank Of Montreal Online Security Scott Herbert (Oct 31)