Re: [spam]::Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-13 Thread Jonathan Thornburg
In an earlier message, I wrote I would never use online banking, and I advise all my friends and colleagues (particularly those who _aren't_ computer-security-geeks) to avoid it. Jason Axley asked Why do you not use OLB? Basically, so far as I know the fine print in online bank service

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-13 Thread Peter Clay
On Mon, Dec 05, 2005 at 07:29:11PM +0100, Florian Weimer wrote: For those of you who haven't rolled out a national ID scheme in time, there's still the general identity theft problem, but this affects you even if you don't use online banking. Hmm. What's the evidence that national ID schemes

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-13 Thread Anne Lynn Wheeler
Peter Clay wrote: Hmm. What's the evidence that national ID schemes reduce credit fraud (what people normally mean when they say ID theft)? How does it vary with the different types of scheme? I've been opposing the UK scheme recently on the grounds of unreliable biometrics and the bad idea

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-08 Thread Bill Stewart
At 08:05 PM 12/2/2005, [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. I've used it for about a decade at my credit union, and I've had my paychecks deposited directly for decades. There are things I absolutely won't do, like have a

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Janusz A. Urbanowicz
On Fri, Dec 02, 2005 at 11:05:29PM -0500, [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. This is from European perspective: I do and couldn't do without it now. Most of my

AW: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Kuehn, Ulrich
-Urspr√ľngliche Nachricht- Von: Nicholas Bohm [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 6. Dezember 2005 12:03 An: Florian Weimer Cc: cryptography@metzdowd.com Betreff: Re: [Clips] Banks Seek Better Online-Security Tools Florian Weimer wrote: * Nicholas Bohm: [...] I hope

Re: AW: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Florian Weimer
* Ulrich Kuehn: In 2000 someone here in Germany already demonstrated how to attack smart card based HBCI transactions. Those transactions are authorized by an RSA signature done by the card. Here's a link: http://www.heise.de/newsticker/meldung/9349 The attack relyed on the card reader not

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Janusz A. Urbanowicz writes: Bank statements come on paper or in S/MIME signed emails. This is interesting -- the bank is using S/MIME? What mail readers are common among its clientele? How is the bank's certificate checked? --Steven M.

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Janusz A. Urbanowicz
On Wed, Dec 07, 2005 at 10:31:52AM -0500, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Janusz A. Urbanowicz writes: Bank statements come on paper or in S/MIME signed emails. This is interesting -- the bank is using S/MIME? What mail readers are common among its clientele?

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Jonathan Thor nburg writes: I would never use online banking, and I advise all my friends and colleagues (particularly those who _aren't_ computer-security-geeks) to avoid it. I do use it -- but never from a Windows machine. The OS I use is probably better, but

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Nicholas Bohm: [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. --dan I do. My bank provides an RSA SecureId, so I feel reasonably safe against anyone other than the bank.

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread mis
please, can people tell us about what their country's liability framework is, as they understand it, and where the onus of proof is for what sorts of transactions? this is one of the few areas where consumers have some actual protection in the us. due to ross anderson, i have heard about the uk.

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. Why? Repudiating transactions is easier than ever. As a consumer, I fear technology which is completely secure according to experts, but which can be broken

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Eugen Leitl: The German PIN/TAN system is reasonably secure, being an effective one-time pad distributed through out of band channel (mailed dead tree in a tamperproof envelope). Some banks have optimized away the special envelope. 8-( It is of course not immune to phishing (PIN/TAN

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Jonathan Thornburg: Ahh, but how do you know that the transaction actually sent to the bank is the same as the one you thought you authorized with that OTP? If your computer (or web browser) has been cracked, you can't trust _anything_ it displays. There are already viruses in the wild

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Ian G
[EMAIL PROTECTED] wrote: okay, i read this story from 7/2005 reporting an incident in 5/2005. the short form of it is: Not a bad summary. I'd say that when one is dealing with any such crime, there are always unanswered questions, and issues of confusion (probably as much for the attacker

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Nicholas Bohm
Florian Weimer wrote: * Nicholas Bohm: [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. --dan I do. My bank provides an RSA SecureId, so I feel reasonably safe against anyone

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Kerry Thompson
[EMAIL PROTECTED] said: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. I do. Although, only from PCs that I trust such as my linux box at home. And I keep a close watch on my bank statements. All things

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Ian G
[EMAIL PROTECTED] wrote: dan, maybe you should just keep less money in the bank. i use online banking and financial services of almost every kind (except bill presentment, because i like paper bills). i ccannot do without it. it seems to me the question is how much liability do i expose

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Nicholas Bohm
Kerry Thompson wrote: [EMAIL PROTECTED] said: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. I do. Although, only from PCs that I trust such as my linux box at home. And I keep a close watch on my bank

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread mis
On Mon, Dec 05, 2005 at 09:24:04AM +, Ian G wrote: [EMAIL PROTECTED] wrote: it seems to me the question is how much liability do i expose myself to by doing this, in return for what savings and convenience. That part I agree with, but this part: i don't keep a lot of money in banks

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Jonathan Thornburg
I would never use online banking, and I advise all my friends and colleagues (particularly those who _aren't_ computer-security-geeks) to avoid it. On Sun, Dec 04, 2005 at 05:51:11PM -0500, [EMAIL PROTECTED] wrote: I've been using online banking for many years, both US and Germany. The German

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-04 Thread R. A. Hettinga
At 2:29 PM -0800 12/3/05, John Gilmore wrote: ...how many people on this list use or have used online banking? To start the ball rolling, I have not and won't. Dan, that makes two of us. The only thing I ever use it for is to make sure the wires are in before I spend money. :-) Cheers, RAH

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-04 Thread mis
dan, maybe you should just keep less money in the bank. i use online banking and financial services of almost every kind (except bill presentment, because i like paper bills). i ccannot do without it. it seems to me the question is how much liability do i expose myself to by doing this, in

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-04 Thread Nicholas Bohm
[EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. --dan I do. My bank provides an RSA SecureId, so I feel reasonably safe against anyone other than the bank. I have no basis for

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-04 Thread Ian G
[EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. I have not! I declined the chance when my bank told me that I had to download their special client that only runs on windows...

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-04 Thread leichter_jerrold
| You know, I'd wonder how many people on this | list use or have used online banking. | | To start the ball rolling, I have not and won't. Until a couple of months ago, I avoided doing anything of this sort at all. Simple reasoning: If I know I never do any financial stuff on-line, I can

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-03 Thread dan
You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. --dan Cryptography is nothing more than a mathematical framework for discussing the implications of various paranoid delusions. -- Don Alvarez

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-03 Thread Greg Black
On 2005-12-02, [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. I've been using it for me and my wife with 3 banks since they first offered it; I use it every week to pay all our

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-03 Thread John Gilmore
...how many people on this list use or have used online banking? To start the ball rolling, I have not and won't. Dan, that makes two of us. John - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-03 Thread Paul Hoffman
At 11:05 PM -0500 12/2/05, [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. I have, and it's nice for making Quicken data entry faster, but that's about all. The rest gives me the

[Clips] Banks Seek Better Online-Security Tools

2005-12-02 Thread R. A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Thu, 1 Dec 2005 16:54:00 -0500 To: Philodox Clips List [EMAIL PROTECTED] From: R. A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Banks Seek Better Online-Security Tools Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED