Re: Pic or it didn't happen!
Busted. Nicely busted, in fact. . .
18 publicly visible posts • joined 6 Oct 2011
"Hackers MAY be able..." "Isolated incidents of this type of fraud ['man-in-the-browser' attack] have cropped up..."
I am constantly amazed that so few techies understand how 'man-in-the-browser' attacks work. Chris 68 gets it. He mentions that "in this attack the malware is activated while the victim is logged in to their bank. It intercepts the visuals and modifies them." Condiment doesn't, if he thinks that "the only thing they can do is transfer money to one of the payees I have already set up." I hope that he reads Chris 68's subsequent reply noting that "The malware would hold the transaction and modify the page..."
As for "isolated"... Not! Read KrebsOnSecurity.com for a while, and scan some of the 80 or so articles he's written detailing count after count of this type of crime. Dunno about GB, but in the US commercial account holders are not reimbursed for losses due to fraud. Instead of fixing the problem, banks throw money at lawyers to make it more difficult for customers to sue their banker. For several years malware has circumvented all known types of 2-factor auth, including redirecting cell phone numbers to the bot-master's phones.
Krebs convinced me with his first article in 2009 that booting Linux from a Live CD or Live USB is arguably the best possible protection from all of this. But, of course, it's inconvenient so no one will bother. After using this for a bit, I love the convenience... It's the ultimate portable app, with all of your account and app settings, along with encrypted data, available from the same USB stick booted using any PC or Mac with 1.5 Gig of RAM and a USB port.
It's business, not personal. D'Oh!
I can't recall ever getting a job through a recruiter. However, I did spend over 30 years renting nice little houses to people. Best thing that happened was being able to get quick, comprehensive credit reports.
A glance told me everything that a person left out of their written and verbal interviews, including how good they were at organizing their life, and what I might expect to see if/when something went wrong with the situation (and even how likely it was that something would go wrong).
"The problem is... there isn't a better solution"
Yeah, but like he said:
"Nothing worse than having to fill in a WHOLE page of data again because of a mistyped captcha."
How effing easy is it to create a web form that can REMEMBER what you just typed? And how effing stupid is it to abuse your customers by not doing that simple nicety? One of my pet peeves also. Sheesh!
Completely understandable. There is another type of freedom that many don't like: freedom of choice.
Most people don't want a lot of options--it's an effort just to get through a day without hurting themselves. Thinking abstractly to arrive at reasonable conclusions is usually not possible. Ergo, follow the herd. Be a fanboi. Ahhhh, now isn't that easier?
Perhaps Mr. Stallman doesn't fully appreciate that the second you attempt to argue with idiots you become one.
" Erm... the average user of a computer *just wants to get the job done* and does not care at all about 'all the stuff under the hood'"
. . .why Linux doesn't even have a measurable percentage of the desktop market.
As much as I enjoy the Unix / Linux environment -- and I recently switched 100% to Ubuntu -- much of it still sux! Music players are pathetic (where's MediaMonkey for Linux?!), movie players are worse, and on, and on.
"But this, of course, is correct: 'They should require an actual office visit for setting or changing the phone number used for verification.' "
Easy for you, but rather more difficult for those of us living abroad. You suggest it's appropriate that expats and workers overseas be required to spend time and money traveling simply to register the change of a phone number?
As the Web, like email before it, was never designed to be a secure environment, it's time for the banking industry to step up and take an honest look for ways to rectify the problems. Either that or banks should become liable for the "unusual transactions" to money mules which are at the heart of the fraud involving commercial accounts.