I do not think banks are very concerned with the security of the operating system on their machines. The approach they take is physically secure the machine and secure the network. Restrict the type of outgoing communications of the banking systems to only special protocols such a ISO 8583. I doubt the IE client on the machine ever sends an external http or https request on any type of unencrypted public tcp/ip network. I doubt they accept any type of incoming requests at all(only responses). I'm not saying this is the best approach but its not as brain dead as one might imagine seeing a IE script error or in the case of the Laurentian bank an IE illegal character error. I hope this is not wishful thinking on my part in fact like most of us I depend on it.
Alan On 01/15/2010 09:34 AM, [email protected] wrote: > On Fri, Jan 15, 2010 at 09:22:13AM -0500, Stephane Bakhos wrote: > >>>>> I don't know if BMO is any better, they limit your password to 6 >>>>> characters for their online banking service :( >>>>> >>>> I think you'll find out that it is 6 _digits_ >>>> >>> No, it's characters, mine is alphanumeric. Still annoying though. >>> >> Convert the letters to numbers (look at a phone keypad). >> > Try typing in different letters that correspond to the same digits next > time you log in, and find out whether the modified password is accepted. > > -- hendrik > _______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
