On 07.05.14 00:34, Andrew McGlashan wrote:
Apparently the Commonwealth Bank was effected, but they claim that only the main website was vulnerable, not Netbank -- can you trust them? I think NOT! Banks do NOT care about security as much as they need to; why do you think tap-and-pay systems are so good for them ... it's because the RETAILER takes ALL the risk whilst the bank takes NO RISK at all.
Is there any evidence for any of those assertions? That bank cared enough about security to _insist_ on sending a security dongle when a substantial netbank account was opened - they did not wish to accept liability for loss of that amount of funds without the extra security provision. Given the one-time access provided by each long-cycle pseudorandom code produced by the dongle, a strong password on the account becomes mere back-up protection. AIUI anyone can ask for a dongle. It's worth knowing that even if account ID and password were intercepted, they would avail a crim nothing at all. Erik -- A computer is like an air conditioner, it works poorly when you open Windows.