funsec mailing list archives
Re: [off-list] Re: NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases
From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Jun 2007 12:35:52 -0400
On Thu, 28 Jun 2007 07:44:32 CDT, Dennis Henderson said:
So tell me what steps do you take to make sure your online banking experience is a safe one? If you don't do online banking, then please don't comment further in this thread.
Actually, I do quite a bit of it - recognizing that it's not 100% safe, but that there are tradeoffs. My software and hardware config is such that there's reasonably low risk involved - I'm quite frankly usually more worried about what that Applebee's employee is doing with my card while I'm paying for lunch.
Is it so beneath you to provide positive advice or commentary on *any* topic?
OK. Here you go, I'll add a few just for you...
Don't download every free tool and software you can get your hands on. Read the EULAs when you do. These are basic bits of information that can help people stay out of trouble. Make Fergie happy, run TrendsAV. Patch to the hilt. Run a firewall. Learn how to tell if you're actually on your bank's site. It's really not that hard given all the resources that browsers come with these days. Don't click on any and all links in emails, especially if they're from your bank or financial institution. If your bank sends you emails with links, find another bank.
Don't visit *any* web site that includes material (banner ads, linked images, and so on) from a third-party site, or that could possibly have been compromised since your last visit. Employ methods to prevent unpatched holes in your favorite browser from being used to exploit your machine. Unfortunately, neither of these is something that is easily doable by Joe Sixpack.
These are basic bits of information that can help people stay out of trouble. Sounds clueless? Well, to clueless people these things are probably sage advice. Won't remove the risk, but it can reduce it dramatically.
Yes, it *helps*, but it certainly does *not* make the risk low enough that one should judge that it *must* have been the user's fault somehow, for actually using the machine for what the operating system vendor and the bank both advertised as a reasonably safe activity - using the computer to surf the web and do electronic business and financial transactions.
0days are still a minor vector compared to what's keeping the online banking fraud cartels alive.
Again, the fact that unpatched holes that people don't know about and can't easily defend themselves against may be 5% of the total doesn't mean that it's 0% and you can readily assign blame to the consumer.