On Tue, 23 Jan 2007 07:57:55 +1100 Alex Samad <[EMAIL PROTECTED]> wrote:
> On Tue, Jan 23, 2007 at 07:45:02AM +1100, Alan L Tyree wrote: > > On Tue, 23 Jan 2007 07:34:24 +1100 > > James Purser <[EMAIL PROTECTED]> wrote: > > > > > On Tue, 2007-01-23 at 07:22 +1100, Alan L Tyree wrote: > > > > Hi all, > > > > I'm about to give an interview on the ABC concerning the EFT > > > > Code of Conduct. I realised that I am ignorant on the following > > > > question: > > > > > > > > When a customer connects for on-line banking, is it possible to > > > > identify the system that the customer is using? Can they tell > > > > it is Windows 98, XP, etc? > > > > > > > > Thanks for any feedback on this. > > > > > > > > Alan > > > > > > Hi Alan, > > > > > > It is possible to identify the OS that a browser is based on, as > > > this is part of the information the browser sends to the server. > > > However in browsers outside of IE this is spoofable. > > > > Thanks James. One of the proposals for the new EFT Code is that > > users be liable for all losses caused by infected computers. My > > point is going to be that this is inappropriate as long as the > > banks do not restrict connections from older systems that are known > > to be insecure. > > My 2c, but isn't that just lazyness of the banks part. the getting > around key loggers shouldn't be that hard. Banks in US have started > to hand out 2 token authentication devices. IMB provides you with a > encoding matrix for your password so the same key combination doesn't > always log you in Yes, of course. I was just looking at elementary things to make a quick "sound bite" type of argument. Bill Caelli also addressed this yesterday talking to Richard Glover - pointing out that multi-factor authorisation is a minimum. Also out-of-band communications. Lots of things. > > > > > > > > > > -- > > > James Purser > > > Producer/Presenter - Open Source On The Air > > > A LocalFOSS Production > > > http://www.localfoss.org > > > irc: #localfoss on irc.freenode.net > > > > > > > > > -- > > Alan L Tyree http://www2.austlii.edu.au/~alan > > Tel: +61 2 4782 2670 Mobile: +61 427 486 206 > > Fax: +61 2 4782 7092 FWD: 615662 > > -- > > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > > > -- Alan L Tyree http://www2.austlii.edu.au/~alan Tel: +61 2 4782 2670 Mobile: +61 427 486 206 Fax: +61 2 4782 7092 FWD: 615662 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
