News: Security and user accountability
Published: 2006-12-28 15:53:24 . Categories: Security
Recently several people have found their bank accounts tapped for reserves after the customer has logged into the Internet bank for seemingly trivial matters.
Looking further at the matter it turned out that this was a result of Trojan horses (variant of worms/viruses) installed on the user's computer. This allowed the attacker to monitor the computer and act when the users themselves had logged into the Internet bank, instead of trying to attack the Internet bank itself or using phishing methods to gain credentials.
The security of Norwegian Internet banks are in themselves very secure, for one thing the banks generally depend on some random token authentication that is difficult to lure from the customer., and as such it has brought forth alternative routes of attacks.
The attacks were detected by four different banks in Norway, and three quarters of them were stopped before the transactions were completed (cudos to the users that reacted when the cursor started moving around and doing actions not issued by the user itself and logged off before calling the bank)
But this once again brings up the importance of securing not only servers, but also clients, and the point of user accountability. The bank has no liability in this case, as it, from the bank's perspective just as well could've been the customer that issued mere 2,000 USD transactions. Of course, it will try to help the customer and trace the money still.
A chain is only as strong as its weakest link. When it come down to it, the weakest link in security is often men itself. Security is too often merely an illusion, an illusion sometimes made even worse when gullibility, naivete, or ignorance come into play. Albert Einstein is quoted as saying: "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." ( www.secure-my-internet.com )
So install antivirus scanners, install anti-spyware applications, look into alternative browsers such as Mozilla's Firefox instead of using Internet Explorer, and last but not least always think of security implications.
Read more at www.secure-my-internet.com
Looking further at the matter it turned out that this was a result of Trojan horses (variant of worms/viruses) installed on the user's computer. This allowed the attacker to monitor the computer and act when the users themselves had logged into the Internet bank, instead of trying to attack the Internet bank itself or using phishing methods to gain credentials.
The security of Norwegian Internet banks are in themselves very secure, for one thing the banks generally depend on some random token authentication that is difficult to lure from the customer., and as such it has brought forth alternative routes of attacks.
The attacks were detected by four different banks in Norway, and three quarters of them were stopped before the transactions were completed (cudos to the users that reacted when the cursor started moving around and doing actions not issued by the user itself and logged off before calling the bank)
But this once again brings up the importance of securing not only servers, but also clients, and the point of user accountability. The bank has no liability in this case, as it, from the bank's perspective just as well could've been the customer that issued mere 2,000 USD transactions. Of course, it will try to help the customer and trace the money still.
A chain is only as strong as its weakest link. When it come down to it, the weakest link in security is often men itself. Security is too often merely an illusion, an illusion sometimes made even worse when gullibility, naivete, or ignorance come into play. Albert Einstein is quoted as saying: "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." ( www.secure-my-internet.com )
So install antivirus scanners, install anti-spyware applications, look into alternative browsers such as Mozilla's Firefox instead of using Internet Explorer, and last but not least always think of security implications.
Read more at www.secure-my-internet.com
Comments
| No comment posted at this time |
[Sitemap]
