Davis' plan is actually flawed from the outset.

Phillip's attack is NOT at the bank (Stanbic in his example).

The attack is at a corporate client of Stanbic's who uses Stanbic's online
banking interface.

And his attack isn't completely hypothetical. Both he and I have worked at
one such corporate client and helped to install the said Stanbic software.
And the IT security at this company was non-existent on the internal
network.

This paragraph actually made me chuckle. Is this Uganda we're talking
about? I've done aircrack cracks on a number of corporate wireless networks
and there's a lot of WEP and WPA1 out there. And I know many corporate
system administrators who wouldn't be able to expand a single one of the
abbreviations in this paragraph. Yes, even SSL.

"Goodness, in the corporate world, security does not mean passwords,
actually PAP is the least secure, leverage schemes like CHAP, DIAMETER,
RADIUS, TACACS/TACACS+ yet even at the port level you have EAP, security
goes even to the physical level to leverage Quantum cryptography; PKI,
RSN, TLS/SSL, DNSsec, IPsec, PGP, etc are all there for you to use. You
have so many strategies for protection, forget the days of GSM and WEP or
even DES for that matter. At the human interface you have a range of
multi-factor authentication schemes, Biometrics is also cheap nowadays
(assume FAR is a myth, yet even if not, you could leverage the multi-factor
scheme)"


P.

--
Evolution (n): A hypothetical process whereby infinitely improbable events
occur with alarming frequency, order arises from chaos, and no one is given
credit.
_______________________________________________
The Uganda Linux User Group: http://linux.or.ug