/prog/ - Passwords = Reasonable Bank Security

Name: Anonymous 2011-06-19 14:53

http://krebsonsecurity.com/2011/06/court-passwords-secret-questions-reasonable-ebanking-security/

these guys: http://www.infolawgroup.com/

Name: Anonymous 2011-06-19 14:57

Apparently passwords + secret questions (i.e. more passwords) + a "device ID" (which can be trivially faked, unlike a token) = two-factor authentication. Plus, AFAICS, the "device ID" was even allowed to change, so it didn't really come into play after the secret questions?

Name: Anonymous 2011-06-19 15:34

Couldn't the thief have initiated ACH transfers from anywhere just by knowing the account number?

By the way, even Battle.net is switching from physical tokens to device IDs now, so that must be more secure.

Name: Anonymous 2011-06-19 15:48

>>2
what the fuck is "device ID"

Name: Anonymous 2011-06-19 15:51

>>4
I guess it's the ID associated with your device.

Name: Anonymous 2011-06-19 16:00

>>5
How can I find out my device ID?

Name: Anonymous 2011-06-19 16:01

>>6
By threatening to read SICP to it if it doesn't give up its ID

Name: Anonymous 2011-06-19 16:11

>>6
Your device ID is " lol what 2".

Name: Anonymous 2011-06-19 16:30

>>8
shiichan=proper2?

Name: Anonymous 2011-06-19 17:02

shiichan=proper2

Name: Javalee 2011-06-20 3:22

There's a very special to encrypt customer passwords I found in my last job:



class Main {

    public static void main(String[] args) {

        if (args.length == 2)

            System.out.println(args[1].hashCode());

    }

}

Isn't it cool?

Why use MD5/SHA?
Why use salt?
Why EVEN use SSL?

Name: Anonymous 2011-06-20 8:02

>>11
It's secure because nobody will ever think the programmer was that stupid.

Name: Anonymous 2011-06-20 8:16

>>12
Starting from today, I will.

Passwords = Reasonable Bank Security

1 Name: Anonymous 2011-06-19 14:53

2 Name: Anonymous 2011-06-19 14:57

3 Name: Anonymous 2011-06-19 15:34

4 Name: Anonymous 2011-06-19 15:48

5 Name: Anonymous 2011-06-19 15:51

6 Name: Anonymous 2011-06-19 16:00

7 Name: Anonymous 2011-06-19 16:01

8 Name: Anonymous 2011-06-19 16:11

9 Name: Anonymous 2011-06-19 16:30

10 Name: Anonymous 2011-06-19 17:02

11 Name: Javalee 2011-06-20 3:22

12 Name: Anonymous 2011-06-20 8:02

13 Name: Anonymous 2011-06-20 8:16