On 09/01/2010 01:39 PM, Perry E. Metzger wrote:
Hardly the first time such things have happened, but it does focus
the mind on what the threats are like.
http://krebsonsecurity.com/2010/09/cyber-thieves-steal-nearly-1000000-from-university-of-virginia-college/
In the mid-90s, dialup consumer online banking gave pitches on motivation for moving to the internet (major justification was the significant cost in supporting proprietary dialup infrastructure ... including all the issues with supporting serial-port modems; one such operation claimed a library of over 60 different drivers for various combinations of customer PCs, operating systems, operating system levels, modems, etc).
At the same time, the dialup business/commercial online cash-management operations were pitching why they would *never* move to the internet ... even with SSL, they had a long list of possible threats and vulnerabilities.
Some of the current suggested countermeasures are that businesses have a separate, dedicated PC that is dedicated solely to online banking operations (and *NEVER* used for anything else).
a few recent posts on the subject:
http://www.garlic.com/~lynn/2010m.html#38 U.K. bank hit by massive fraud from ZeuS-based botnet
http://www.garlic.com/~lynn/2010m.html#53 Is the ATM still the banking industry's single greatest innovation?
http://www.garlic.com/~lynn/2010m.html#58 memes in infosec IV - turn off HTTP, a small step towards "only one mode"
http://www.garlic.com/~lynn/2010m.html#65 How Safe Are Online Financial Transactions?
--
virtualization experience starting Jan1968, online at home since Mar1970
---------------------------------------------------------------------
The Cryptography Mailing List