Mailinglist Archive: opensuse (2162 mails)

[Neil <hok.krat@xxxxxxxxx>]

On Tue, Aug 26, 2008 at 10:26 PM, Jon Clausen <jon@xxxxxxx> wrote:
> On Tue, 26 Aug, 2008 at 16:13:26 +0200, Neil wrote:
> > On 8/26/08, Larry Stotler <larrystotler@xxxxxxxxx> wrote:
> > > On Tue, Aug 26, 2008 at 12:47 AM, Jon Clausen <jon@xxxxxxx> wrote:
>
> > > > It's simple and effective. No 'keyfiles', no java, and it works with 
> > > > Firefox
> > > > on Linux.
> > >
> > > One of my banks requires flashplayer as a security measure.   It uses
> > > it to "register" your machine so you aren't asked a challenge
> > > question.  Of course the challenge questions aren't very hard to guess
> > > either, so......
>
> Sounds dubious to me in the first place, but other than that it just seems
> kind of 20th century to register any specific system for banking purposes...
>
> > Hi
> >
> > My bank (Rabo, NL) requires me to athenticate with a "Random Reader"
> > (a small handheld device) in order to log in. I insert my card and
> > enter my code. It generates a code wich I have to enter on the site.
> > This code can only be used once (or, rather, a looong time in between)
> > and I can only vieuw my bank accounts and prepare transactions. To
> > sign transactions (so they will not dissapear at logoff) I have to use
> > the random reader again, but now I also have to enter a validation
> > code from the site into the random reader before it gives the sign
> > code.
>
> Pretty much the same deal as with the code leaflet. Each transaction uses
> one of the code-pairs, which then becomes invalid. Once all the codes have
> been used, you need a new leaflet.
>
> > As long as the site isn't "spoofed" this will be safe, at least
> > as far as I know and care (I am a student. There aren't many millions
> > of euro's available thru my account. Only a couple :P)
>
> I'm not too worried about the site being spoofed, since the chances of
> anyone being able to reproduce the code-pairs on any given leaflet are
> pretty slim.
>
> Basically the bad guys would have to get acces to the algorithm that
> generated the codes, or hack into the bank's systems, in which cases all
> bets are off anyway.
>
> > This also prevents me from loosing my leaflet with the codes, because
> > all random readers are equal. I can just walk into my bank and ask for
> > a new one. No one can acces my account w/o my pass and my PIN (as far
> > as I know).
>
> Security-wise, losing the leaflet is no big deal:
> Noone's going to be able to use it for anything without knowing which
> account it's for, passphrases, and the other stuff.
> It might be inconvenient, but not a problem, to have to wait a few days
> until I got a new set of codes.
>
> Actually I'd be much less interested in Yet another Device to carry
> around... but that's just me...
>
> /jon
> --
> YMMV
> --
> To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
> For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Hi

Well, the random reader has a default place on my desk, while I
already have more than enough pieces of paper with important data on
it. These I tend to lose......
And what is the difference between a small (1cm thick 8cm long and 5
cm wide or so) device or a piece of paper to carry around?

Neil


-- 
There are two kinds of people:
1. People who start their arrays with 1.
1. People who start their arrays with 0.

-----------------------------------------------------------------------
** Hi! I'm a signature virus! Copy me into your signature, please! **
-----------------------------------------------------------------------
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx