Penetration Testing mailing list archives
Re: [PEN-TEST] Home-Banking PEN-TESTING
From: Nexus <nexus () PATROL I-WAY CO UK>
Date: Fri, 1 Sep 2000 16:33:41 +0100
----- Original Message ----- From: Domenico De Vitto <dom () DEVITTO DEMON CO UK> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Thursday, August 31, 2000 8:02 PM Subject: Re: Home-Banking PEN-TESTING [snip]
Stuff like (encrypted) pages being stored in the cache, and so available to any/all users of the same computer are often considered by the press to be breaches in security, but fundamentally you must look at the comparitive risk - do you use your credit card in resturants?
[snip]
Bearing in mind the possible vulnerabilities that a hostile web page can
attempt against your box via the browser, cookies or cached pages may be an
issue.
Yes, it is a question of risk mitigation and acceptance, I will use a credit
card in a restaurant but I won't post it to a noticeboard ;-)
In certain enviroments, gaining physical access to a computer is fairly
straightforward - how many times have you seen people conduct similar style
transactions in internet cafe's or other public area's ?
Not that I'm paranoid or anything ;-)
Regards,
JJ
Current thread:
- Re: [PEN-TEST] Home-Banking PEN-TESTING Domenico De Vitto (Sep 01)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Nexus (Sep 01)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Meredith S (Sep 01)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Domenico De Vitto (Sep 07)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Meredith S (Sep 01)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Nexus (Sep 01)