Hi,
<snipped> Dear Arun, <rant> Thank you for sharing those links. I have seen these on so many Indian sites including our own Income Tax Department ( to file ITR Returns) that it has become a joke. There is a term called 'Security theater' https://en.wikipedia.org/wiki/Security_theater which is apt for this occasion. To top it with the new Firefox release, you cannot even use addons like Certificate Patrol to see what kinds of TLS encryption the site https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/ . I have seen lots of reputable sites using pretty poor ciphers for encryption and for end-users there is no reasonable way for them to take a call as to what's best or needs to be changed, including most of the private and public banks. Security is all about the risk that you can take. It has nothing much to do with anything else. If you are covered under some assurance/insurance from the bank or other such authorities, you should not bother much about the criticality of the cyphers etc. It's your (users) call to accept the risk or not. BTW Even RBI uses some certificate issued by private parties. (Not Indian) Regards Sudhanwa FWIW I have written to some banks whose customer I am and had been thinking of shifting to digitial platforms but haven't received any sort of substantial answers from them. What you have highlighted is that only 0.0001 percent fools like us want security and are a bit paranoid like us. The rest just go about their merry way. I don't have solutions other than building awareness on the bottom of the pyramid but that is kind of slow death. When people are ready to give their fb usernames and passwords at the drop of the hat without doing any social engineering than this feels like a long task </rant> I do wish we had better ways to enhance and mass-reach on sensitive topics like these. -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8 _______________________________________________ plug-mail mailing list [email protected] http://list.plug.org.in/listinfo/plug-mail
_______________________________________________ plug-mail mailing list [email protected] http://list.plug.org.in/listinfo/plug-mail
