Security Basics mailing list archives
Re: SMS Banking
From: Markus Matiaschek <mmatiaschek () gmail com>
Date: Fri, 5 Feb 2010 16:08:09 -0600
Hi, I'd just like to make some comments, i didn't think about a solution for your problem. First of all i think that my Budi wibowo got something wrong regarding who is sending the PIN. Second, GSM is cracked: http://reflextor.com/trac/a51 and can be intercepted and decrypted. You should take this into account. Third i think the only farely safe way to make money transfers is with transaction numbers, TANs. German banks send mobileTANs to preregistered cell phone numbers to allow a transaction (through online banking though). A "three-way-handshake" with a mTAN should pretty much prevent transactions through spoofed numbers. regards, Markus Matiaschek Absolute IT Consulting S.A. San José, Costa Rica ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- SMS Banking M.D.Mufambisi (Feb 04)
- Re: SMS Banking Dennis Storm (Feb 05)
- Re: SMS Banking pasquale imperato (Feb 05)
- Re: SMS Banking Budi wibowo (Feb 05)
- Re: SMS Banking Agus 'Bosen' Supriadhie (Feb 05)
- Re: SMS Banking Doug Farre (Feb 05)
- RE: SMS Banking Thor (Hammer of God) (Feb 05)
- Message not available
- Re: SMS Banking Markus Matiaschek (Feb 05)
- RE: SMS Banking Craig S. Wright (Feb 08)
- RE: SMS Banking Thor (Hammer of God) (Feb 08)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- RE: [Full-disclosure] SMS Banking Craig S. Wright (Feb 10)
- Re: SMS Banking Markus Matiaschek (Feb 05)
- Re: SMS Banking Dennis Li (Feb 08)
- <Possible follow-ups>
- Re: SMS Banking Brad Reaves (Feb 05)
- Re: SMS Banking Tim Clewlow (Feb 08)
- Re: SMS Banking NetEvil (Feb 05)
- FW: SMS Banking Craig S. Wright (Feb 10)