by pjc50
4416 days ago
Yes and no; while the banks have avoided widespread compromise, they often have weird password requirements or ham-fisted attempts to secure users' PCs with crapware like Trusteer Rapport: http://www.pcpro.co.uk/realworld/359617/is-hsbcs-security-so... For a while Santander's login system redirected my wife's account to a page with an expired HTTPS certificate. Then there are fun things like playing Tetris or MITM attacks on the Chip and PIN terminals: http://www.saardrimer.com/sd410/pres/showandtell08.pdf (Obviously Mt. Gox is worse, but my point is that banks tend to a proceduralist, cargo-culty approach to security.)
>> We believe that the risk remains very low. [This attack] is significantly difficult to industrialise to the numbers of devices that would gain criminals the return they would expect and, therefore, not economically viable to criminals.
I am not saying banks are perfect, no organisation is, but they are certainly not just old men in conference rooms wondering what the little 1's and 0's mean. Some bank security consultants are the best penetration testers in the world.