Security Basics mailing list archives
RE: Bank Of Montreal Online Security
From: "Scott Herbert" <scott.a.herbert () googlemail com>
Date: Wed, 31 Oct 2012 18:15:24 -0000
The US has only now (March 2012) started insentives to adopt Pin and Chip credit cards (to avoid the failed PCI-DSS.)
Chip and Pin can be broken by a MiM attack[1], but it's still a lot better the single factor auth being rolled out by UK banks in the form of NFC cards [2][3] [1] http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf [2] http://www.barclays.co.uk/Helpsupport/Barclayscontactlessdebitcards/P1242561764200 [3] http://www.gizmodo.co.uk/2012/03/barclays-debit-cards-details-can-be-nicked-with-an-nfc-mobile-bump/ begin 666 smime.p7s M,( &"2J&2(;W#0$'`J" ,( "`0$Q#S -!@E@AD@!90,$`@,%`#" !@DJADB& M]PT!!P$``*""$SHP@@0V,((#'J #`@$"`@$!, T&"2J&2(;W#0$!!04`,&\Q M"S )!@-5! 83`E-%,10P$@8#500*$PM!9&14<G5S="!!0C$F,"0&`U4$"Q,= M061D5')U<W0@17AT97)N86P@5%10($YE='=O<FLQ(C @!@-5! ,3&4%D9%1R M=7-T($5X=&5R;F%L($-!(%)O;W0P'A<-,# P-3,P,3 T.#,X6A<-,C P-3,P M,3 T.#,X6C!O,0LP"08#500&$P)313$4,!(&`U4$"A,+061D5')U<W0@04(Q M)C D!@-5! L3'4%D9%1R=7-T($5X=&5R;F%L(%144"!.971W;W)K,2(P( 8# M500#$QE!9&14<G5S="!%>'1E<FYA;"!#02!2;V]T,((!(C -!@DJADB&]PT! M`0$%``."`0\`,((!"@*"`0$`M_<:,^;R``0M.>!.6^T?O&P/S;7Z([;.WIL1 M,Y>D*4Q]DY^]2KR3[0,:XX_/Y6U06M:7*91:@+!)>MLNE?VXRK\W."T>/I%! MK7!6Q_!//^@RGG3*R)!4Z<9?#WB=FD \#JQAJEX4CYZ'H6I0W->:3J\%LZ9Q ME)QQLU!@"L<3G3@'A@*HZ:AI)AB0JTRP3R.K.D^$V-_.G^%I;[O70M=K1.3' MK>YM05]R6G$(-[-Y9:19H)0W]P`O#<*2<MK0.'+;%*A%Q%TJ?;>TUL3NK,T3 M1+?)*]U#`"7Z8;EI:E@C$;>G,X]6=5GUS2G71K<**V6VTT)O%;*X>_OOZ5U3 MU31:)P(#`0`!HX'<,('9,!T&`U4=#@06!!2MO9AZ-+0F]_K$)E3O`[W@),M4 M&C +!@-5'0\$! ,"`08P#P8#51T3`0'_! 4P`P$!_S"!F08#51TC!(&1,(&. M@!2MO9AZ-+0F]_K$)E3O`[W@),M4&J%SI'$P;S$+, D&`U4$!A,"4T4Q%# 2 M!@-5! H3"T%D9%1R=7-T($%",28P) 8#500+$QU!9&14<G5S="!%>'1E<FYA M;"!45% @3F5T=V]R:S$B," &`U4$`Q,9061D5')U<W0@17AT97)N86P@0T$@ M4F]O=((!`3 -!@DJADB&]PT!`04%``."`0$`L)O@A27"UB/B#Y8&DIU!F)S9 MA'F!V1Y;% <C-F6/L-AWNZQ!;$=@@U&P^3(]Y_SV)A/'@!:EOUK\A\]X>8DA MFN),!PJ&-;SRWE'$TI:WW'Y.[G#]'#GK# )1%"V.O1;@P=]&=><DK>ST0K2% MDW 09[J=!C5*&-,K>LQ10J%Z8]'FNZ'%*\(VOA,-YKUC?GE[IPD-0*MJW8^* MP_;VC!I"!5'41?6?IV(A:!4@0SR9YWR])-BID1=SB#]6&S$X&+1Q#YK-R Z> MCBX;X8R8@\L?,?%$3,8$<TEV8 _'^+T7@&LNZ<Q,#EJ:>0\@"B[5GF,F'E62 ME-B"%UI[T+S'CTZ&!#""!)TP@@.%H ,"`0("$#0]Z2NL)S3_C\LTE/O,<%0P M#08)*H9(AO<-`0$%!0`P;S$+, D&`U4$!A,"4T4Q%# 2!@-5! H3"T%D9%1R M=7-T($%",28P) 8#500+$QU!9&14<G5S="!%>'1E<FYA;"!45% @3F5T=V]R M:S$B," &`U4$`Q,9061D5')U<W0@17AT97)N86P@0T$@4F]O=# >%PTP-3 V M,#<P.# Y,3!:%PTR,# U,S Q,#0X,SA:,(&N,0LP"08#500&$P)54S$+, D& M`U4$"!,"550Q%S 5!@-5! <3#E-A;'0@3&%K92!#:71Y,1XP' 8#500*$Q54 M:&4@55-%4E1255-4($YE='=O<FLQ(3 ?!@-5! L3&&AT=' Z+R]W=W<N=7-E M<G1R=7-T+F-O;3$V,#0&`U4$`Q,M551.+55315)&:7)S="U#;&EE;G0@075T M:&5N=&EC871I;VX@86YD($5M86EL,((!(C -!@DJADB&]PT!`0$%``."`0\` M,((!"@*"`0$`LCF%I/)]JT$[8D8WKLW!8'6\.67Y2AI'HKG,2,QJF-5--1FY MI$+ESDGBBB\>?-(Q!\=.M(-DG2XIU:)DQ(6]A5$U>:1.:)![''JDDJ@7\I@5 M\I/,R:0RE;L,3S"]F* +B^5N&Z)&^GB\HF^K65ZE+\_*VFVJ+^NLH;-JJK<N M9S6+>>$>:8CBYD;-H*7JO@O.=CIZ#IOJ_-HG6SUS'R+F2&'&3/-IL:@N&[;4 M,2 LO(**CJ0.I=>)0_P66J\=<=<16=JZAPVO^O/APO"DQ6>,UM94.MX*I+H# M=[-ER/T>TW1BJAC*:),>H85^]4=ER_A-5RATTC3_,+;N]F(P%(PLZP(#`0`! MHX'T,('Q,!\&`U4=(P08,!: %*V]F'HTM";W^L0F5.\#O> DRU0:,!T&`U4= M#@06!!2)@F=]Q)TF< !+M%!(?-X]K@1N?3 .!@-5'0\!`?\$! ,"`08P#P8# M51T3`0'_! 4P`P$!_S 1!@-5'2 $"C (, 8&!%4=( `P1 8#51T?!#TP.S Y MH#>@-88S:'1T<#HO+V-R;"YU<V5R=')U<W0N8V]M+T%D9%1R=7-T17AT97)N M86Q#05)O;W0N8W)L,#4&""L&`04%!P$!!"DP)S E!@@K!@$%!0<P`889:'1T M<#HO+V]C<W N=7-E<G1R=7-T+F-O;3 -!@DJADB&]PT!`04%``."`0$``;R< MXV,HL/,Q`<+?>]UBH &=(S$/G))S4U'J'TSZUI_$RB]G?G@S#W06N9&'D?6* M)OID< #8'OD+!&)0AY.!U-KU(]LTNX56M' T;GB#-QZ%',41%9)?AQ>]K&K] M\<+1S(E?L7SP/E'R-?-\[&"8:SHKX._?LWV&Z[4;]5OLHGR8$]<`4+G1+7/> M`WATX06%,5[+FKF=E,:YE#=U<MQ$^V?H\/HE'E*GVB7I1^"@QSR@3K$*-OMW M2)_OEXK[M/[CE!2H@[Q<+3_28'%@[L)Q@@SIB#;CVB"THZ!LJI9+N(".=<I) M!_8[%+K?W 79G]O@LN9-H'@FY^<M;G]?QAZ(%3""!1HP@@0"H ,"`0("$&T9 MZJ<93VHS(N8B,GJJ<=XP#08)*H9(AO<-`0$%!0`P@:XQ"S )!@-5! 83`E53 M,0LP"08#500($P)55#$7,!4&`U4$!Q,.4V%L="!,86ME($-I='DQ'C <!@-5 M! H3%51H92!54T525%)54U0@3F5T=V]R:S$A,!\&`U4$"Q,8:'1T<#HO+W=W M=RYU<V5R=')U<W0N8V]M,38P- 8#500#$RU55$XM55-%4D9I<G-T+4-L:65N M="!!=71H96YT:6-A=&EO;B!A;F0@16UA:6PP'A<-,3$P-#(X,# P,# P6A<- M,C P-3,P,3 T.#,X6C"!DS$+, D&`U4$!A,"1T(Q&S 9!@-5! @3$D=R96%T M97(@36%N8VAE<W1E<C$0, X&`U4$!Q,'4V%L9F]R9#$:,!@&`U4$"A,10T]- M3T1/($-!($QI;6ET960Q.3 W!@-5! ,3,$-/34]$3R!#;&EE;G0@075T:&5N M=&EC871I;VX@86YD(%-E8W5R92!%;6%I;"!#03""`2(P#08)*H9(AO<-`0$! M!0`#@@$/`#""`0H"@@$!`)*$A%M+5YC47B^+I.% R*-36%]F9?$R3O>?,GU5 MT'A,5;="E.#Y)W$'Q<9II+DRQ/% &I#,)U9B?Q>U<6FNY2 ;Y,MC7F#*HD'V M:N&C_[C?'TAM94.,*BXK8SAWW[$7K,+:@@+6U#)JU&=O(!./7#7ZY52 K]AQ M"ATW"@)04VR5':D0%+29E5D2,?\)HM),W%+;WN) `5M(:-W%2K3@[20?.J]Q M7P?CK+\4.[ E<6@]] _6%UA&%8$\:(N+@P]M>B%7YC2PVS)^XTKAI5)R9":1 M3J62#__@L6#]&F]H49ECC1J+I<Q"FYM](F/3J:#\SIZ0WT09]%Q;-;H6\Z>; M_\$"`P$``:."`4LP@@%',!\&`U4=(P08,!: %(F"9WW$G29P`$NT4$A\WCVN M!&Y],!T&`U4=#@06!!1Z$TX`=%O&>&-D)\$OXJ!;O'G%>S .!@-5'0\!`?\$ M! ,"`08P$@8#51T3`0'_! @P!@$!_P(!`# 1!@-5'2 $"C (, 8&!%4=( `P M6 8#51T?!%$P3S!-H$N@289':'1T<#HO+V-R;"YU<V5R=')U<W0N8V]M+U54 M3BU54T521FER<W0M0VQI96YT075T:&5N=&EC871I;VYA;F1%;6%I;"YC<FPP M= 8(*P8!!04'`0$$:#!F,#T&""L&`04%!S "AC%H='1P.B\O8W)T+G5S97)T M<G5S="YC;VTO551.061D5')U<W1#;&EE;G1?0T$N8W)T,"4&""L&`04%!S ! MAAEH='1P.B\O;V-S<"YU<V5R=')U<W0N8V]M, T&"2J&2(;W#0$!!04``X(! M`0"%UKYX5U5M,W]$4OY"U0:H`0. BOL-LOU*O_:O04GU&UK%TJT;<VX^Z29\ MYDR8P3 HW\O[0CRA)3X*==;0/3F&9M&AF[5-FV^O*&P=K^7J=%JHVK' \75Z M+YZZDWG*_N*1'E9TLOB-T^!#<AOMC_U@.2!'^XNO.F5(/)@]I26_O>]@X$GE M%LCK/T.#\.#N#<'3S3-?F]"]8&JS._[ZU,DZ/!_MF_^;23.^0BDY@^XS:2Z" MG45-J&G:@!L>/=(:77Q'F:6;"&T2F8;675<'&Z<PODM)1+B0?LK1>3CKM#/Z MH#I=)EB>8548M"'5F=7@0T!",+[JI>>4TK#^\W7Y?V[G,((%/3""!"6@`P(! M`@(03834%(.4H6';7#:ZQFQ!_# -!@DJADB&]PT!`04%`#"!DS$+, D&`U4$ M!A,"1T(Q&S 9!@-5! @3$D=R96%T97(@36%N8VAE<W1E<C$0, X&`U4$!Q,' M4V%L9F]R9#$:,!@&`U4$"A,10T]-3T1/($-!($QI;6ET960Q.3 W!@-5! ,3 M,$-/34]$3R!#;&EE;G0@075T:&5N=&EC871I;VX@86YD(%-E8W5R92!%;6%I M;"!#03 >%PTQ,C$P,38P,# P,#!:%PTQ,S$P,38R,S4Y-3E:,"\Q+3 K!@DJ MADB&]PT!"0$6'G-C;W1T+F$N:&5R8F5R=$!G;V]G;&5M86EL+F-O;3""`2(P M#08)*H9(AO<-`0$!!0`#@@$/`#""`0H"@@$!`+A8[KX;4"/^L%#FT50G3-@\ MDMLQ3%KI+1],X]A=F!7JTV\6`@R$[+V;[7/_6"V+?Y^_YD"B. !)0O$3K-<4 MCZK:9XCQ$T,E5BDSA$?(\"'1`&=.\/SRG<] D[!OY\:,X1*0:,8RMD%*N[97 M%Q2<$UP0B)3/E]A:>[D:5VI&@=<:T?5NH#41?B#%:XA /8(T<EC6N^".FUP/ M8?'Z@V=L3A(%K]63/768LK?Y-A:)RAK 0R?A_85Y3ZI@W""_3<CS+&,1N^7U MDW-<>ZM8&S81E$J(.7-_5O?#(@#0B-G0'O@*G@Y24NFGPJO+9*%P7B-8BU*O MC+B:CO:'X0E:DU*+594"`P$``:."`>XP@@'J,!\&`U4=(P08,!: %'H33@!T M6\9X8V0GP2_BH%N\><5[,!T&`U4=#@06!!1Z(.'7M5-?^[A[MW->N8KC/))( MPC .!@-5'0\!`?\$! ,"!: P# 8#51T3`0'_! (P`# @!@-5'24$&3 7!@@K M!@$%!0<#! 8+*P8!! &R,0$#!0(P$08)8(9(`8;X0@$!! 0#`@4@,$8&`U4= M( 0_,#TP.P8,*P8!! &R,0$"`0$!,"LP*08(*P8!!04'`@$6'6AT='!S.B\O M<V5C=7)E+F-O;6]D;RYN970O0U!3,%<&`U4='P10,$XP3*!*H$B&1FAT=' Z M+R]C<FPN8V]M;V1O8V$N8V]M+T-/34]$3T-L:65N=$%U=&AE;G1I8V%T:6]N M86YD4V5C=7)E16UA:6Q#02YC<FPP@8@&""L&`04%!P$!!'PP>C!2!@@K!@$% M!0<P`H9&:'1T<#HO+V-R="YC;VUO9&]C82YC;VTO0T]-3T1/0VQI96YT075T M:&5N=&EC871I;VYA;F1396-U<F5%;6%I;$-!+F-R=# D!@@K!@$%!0<P`888 M:'1T<#HO+V]C<W N8V]M;V1O8V$N8V]M,"D&`U4=$00B,""!'G-C;W1T+F$N M:&5R8F5R=$!G;V]G;&5M86EL+F-O;3 -!@DJADB&]PT!`04%``."`0$`A3-8 M'_]0^B8M=4S87?%!%#1P9B2NNKJI?ES\CK:[S*92K6N%_S[49QMR.S**KI"( MKQBJY-H>]9_@##BA8OZ2J=]H02M\G'=S8S=A;>#:MOV,;";+($<Z* WCIMM- M8N>,_N^[JFW,;NV2[/AP1:R:%I+0)B+>+N;N8JE-59W61$U4'D<'Z<<6CSR7 M\C*V`*"W[W,R-/O(`TNA"6I'(/(MG],"SD*E:N%AL^O?AJX</94K?/ B8E_= M5:A'#IFW\_:T(Q:KQ2!]$$=->SGI)/9')@&U?\Z#OP=O^.Y *S+C:1_#L+ J M-F#/>91 *_Z()?ZB!=O@E=+ D/#%Z'PO#T>J;C&"!(DP@@2%`@$!,(&H,(&3 M,0LP"08#500&$P)'0C$;,!D&`U4$"!,21W)E871E<B!-86YC:&5S=&5R,1 P M#@8#500'$P=386QF;W)D,1HP& 8#500*$Q%#3TU/1$\@0T$@3&EM:71E9#$Y M,#<&`U4$`Q,P0T]-3T1/($-L:65N="!!=71H96YT:6-A=&EO;B!A;F0@4V5C M=7)E($5M86EL($-!`A!-A-04@Y2A8=M<-KK&;$'\, T&"6"&2 %E`P0"`P4` MH(("L3 8!@DJADB&]PT!"0,Q"P8)*H9(AO<-`0<!,!P&"2J&2(;W#0$)!3$/ M%PTQ,C$P,S$Q.#$U,C%:,$\&"2J&2(;W#0$)!#%"!$#H@JZUAK"!XG&'+.#B M7O?,+'$*#N6KR#7RKV-W<6GT5U=6\BZP$MI2G 3P4GK2\>H:2PS\]7'EKQW7 MUR.;7]<A,(&K!@DJADB&]PT!"0\Q@9TP@9HP"P8)8(9(`64#! $J, L&"6"& M2 %E`P0!%C *!@@JADB&]PT#!S +!@E@AD@!90,$`0(P#@8(*H9(AO<-`P(" M`@" , <&!2L.`P(', T&""J&2(;W#0,"`@% , T&""J&2(;W#0,"`@$H, L& M"6"&2 %E`P0"`S +!@E@AD@!90,$`@(P"P8)8(9(`64#! (!, <&!2L.`P(: M,(&Y!@DK!@$$`8(W$ 0Q@:LP@:@P@9,Q"S )!@-5! 83`D=",1LP&08#500( M$Q)'<F5A=&5R($UA;F-H97-T97(Q$# .!@-5! <3!U-A;&9O<F0Q&C 8!@-5 M! H3$4-/34]$3R!#02!,:6UI=&5D,3DP-P8#500#$S!#3TU/1$\@0VQI96YT M($%U=&AE;G1I8V%T:6]N(&%N9"!396-U<F4@16UA:6P@0T$"$$V$U!2#E*%A MVUPVNL9L0?PP@;L&"RJ&2(;W#0$)$ (+,8&KH(&H,(&3,0LP"08#500&$P)' M0C$;,!D&`U4$"!,21W)E871E<B!-86YC:&5S=&5R,1 P#@8#500'$P=386QF M;W)D,1HP& 8#500*$Q%#3TU/1$\@0T$@3&EM:71E9#$Y,#<&`U4$`Q,P0T]- M3T1/($-L:65N="!!=71H96YT:6-A=&EO;B!A;F0@4V5C=7)E($5M86EL($-! M`A!-A-04@Y2A8=M<-KK&;$'\, T&"2J&2(;W#0$!`04`!((!`&H?2C[NL6"Q MB-\#'_%I5I IF `0,+EZXGV]53<BU.2G76X8W@RUG9X>H,E)P\#%QGQ]U.NW M$ 32D*V9T!5Y.&^Y*3L#'CMH\^AH=/XY3+S+_"+RQ!H_-^,(Y]'YE:4#*-"( MO'(H[][P$WST$^50`J[(=*%"5-R L*GVYIP@80QN<4-.BX:[SHWLQ.U^E>,& MNFJN#=89YZ<]/$4EH=67.ML15S0,F:D.MTLYW#X0)A[]#\KN17I9\6)&/ CJ MDJ;6TQ)E%_T9F?T3)8Q\7^ABW,?RQI!']R<']@-;!?)S("N#"6H`R),MZN!- =B.WN407"W\=7!#=XX-#-=J7J,XTYV8(````````` ` end ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Bank Of Montreal Online Security mrtolton (Oct 29)
- RE: Bank Of Montreal Online Security Trey Keifer (Oct 29)
- RE: Bank Of Montreal Online Security Alexander A. Kelner (Oct 30)
- RE: Bank Of Montreal Online Security Dave Kleiman (Oct 31)
- RE: Bank Of Montreal Online Security Alexander A. Kelner (Oct 31)
- RE: Bank Of Montreal Online Security Alexander A. Kelner (Oct 30)
- RE: Bank Of Montreal Online Security Trey Keifer (Oct 29)
- <Possible follow-ups>
- Re: Bank Of Montreal Online Security hankveins (Oct 30)
- Re: Bank Of Montreal Online Security Davin Enigl (Oct 30)
- Re: Bank Of Montreal Online Security Alexander Meesters (Oct 30)
- Re: Bank Of Montreal Online Security Davin Enigl (Oct 30)
- Re: Bank Of Montreal Online Security Davin Enigl (Oct 30)
- RE: Bank Of Montreal Online Security Scott Herbert (Oct 31)