Re: My bank uses Windows? Is "Check 21" safe?

 
 
Bit Twister
      10-09-2004
On 9 Oct 2004 20:03:36 GMT, Juergen Nieveler wrote:

>> What is worse web pages
>> with doubleclick in the pages. Double click gets cracked/infected
>> then where are you at.

>
> Do you honestly think that such a PC will get a DIRECT connection to
> the Internet? At the very least they'll have a proxy with virus
> scanner, maybe even something that scans applets and JavaScript (Trend
> Micro produces some scanners for that sort of work, for example).


Hehehe, any connection would be dangerous. Malware scanners are pretty
good after the malware has been caught, sig generated, and downloaded
at the bank's database. Bit of a window of opportunity there.

OP was worried about MS in the bank.
I have more worry about the web pages served from the bank's MS servers.

Last time I looked, Bank One was running Microsoft-IIS/5.0
 
Leythos
      10-09-2004
In article <(E-Mail Removed)>, (E-Mail Removed) says...
> Jim Watt <(E-Mail Removed)_way> wrote:
>
> > That ties in with my experience of banks, some of which ordered
> > PC's without floppy disk drives so there was no chance they were
> > compromised. I'd be worried if I saw a bank with Macs.

>
> At one company I worked at years ago (before CD-ROMs became normal part
> of PCs - yes, that long ago), we ordered a batch of floppy-drive-locks
> - they were inserted into the floppy drive and could only be removed
> with a special key, which only the IT department had.
>
> It cut down the rate of virus infections enormously


Yeah, we used to disconnect the power cable and then lock the case. I
remember those devices, they were great.

I had a user insert a 5.25" floppy sideways one time - they had to force
it into the drive and then could not get it out - it stuck on the R/W
arm and bent it.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
xmp
      10-09-2004
Bit Twister wrote:

> What I thought was poor security, is the screen facing the window out
> which you see apartments and other buildings.


Many kiddies were Van Eck phreaking long before these goofballs jumped
on the wardriving bandwagon.

Those who are ignorant of history are doomed to repeat it.

michael
 
Bill Unruh
      10-10-2004
Juergen Nieveler <(E-Mail Removed)> writes:

]Bit Twister <(E-Mail Removed)> wrote:

]>>> When I walk through the lobby of my bank, I see Windows screen savers
]>>> running on some computers and Windows menu screens on others. I know
]>>> my bank has never heard of MacIntosh or Linux. I hesitate to think
]>>> how many spybots and viruses might lurk in those machines.
]>
]> What I thought was poor security, is the screen facing the window out
]> which you see apartments and other buildings.

]THAT is indeed poor security

]>> None, if the IT staff know what they're doing - and at large banks they
]>> usually do.
]>
]> With all the outsourcing, how would you know.

]BTDT. Bank auditors are about the worst that can happen to you

Ross Anderson has almost made a career out of pointing out how bad banks
are at security. What anyone else would hesitate to do, they do.

 
Jim Watt
      10-10-2004
On Sat, 09 Oct 2004 19:09:35 GMT, Celtic Leroy
<(E-Mail Removed)> wrote:

>Jim Watt <(E-Mail Removed)_way> wrote:
>
>>I'd be worried if I saw a bank with Macs.

>
>Macs are for the graphics quality and are usually tied into the
>surveillance system. Therefore not a part of the tech systems, but the
>human ones.


Nonsense. The only Apple products around here are iPods
used by teenagers.

If anyone wanted to use a computer in a surveillance system
a PC is a standard item easily maintained, or better still use
dedicated hardware designed for the purpose

http://www.tecton.co.uk/brochure.html
--
Jim Watt
http://www.gibnet.com
 
Jim Watt
      10-10-2004
On Sat, 09 Oct 2004 19:34:32 GMT, Bit Twister
<(E-Mail Removed)> wrote:

>On 9 Oct 2004 19:24:47 GMT, Juergen Nieveler wrote:
>>
>> At one company I worked at years ago (before CD-ROMs became normal part
>> of PCs - yes, that long ago), we ordered a batch of floppy-drive-locks
>> - they were inserted into the floppy drive and could only be removed
>> with a special key, which only the IT department had.
>>
>> It cut down the rate of virus infections enormously

>
>Saw an article where companies are putting epoxy in the usb ports.
>Pulling cd and diskette drives also.


We superglue the 110/240v switch on power supplies on PCs going
into the schools after they found out the fun that could be had with
them.

We also sold a number of the disk locks for floppies, however it's
easier to disconnect them in the box if the case has a secure lock

--
Jim Watt
http://www.gibnet.com
 
Celtic Leroy
      10-11-2004
Jim Watt <(E-Mail Removed)_way> wrote:

>On Sat, 09 Oct 2004 19:09:35 GMT, Celtic Leroy
><(E-Mail Removed)> wrote:
>
>>Jim Watt <(E-Mail Removed)_way> wrote:
>>
>>>I'd be worried if I saw a bank with Macs.

>>
>>Macs are for the graphics quality and are usually tied into the
>>surveillance system. Therefore not a part of the tech systems, but the
>>human ones.

>
>Nonsense. The only Apple products around here are iPods
>used by teenagers.
>
>If anyone wanted to use a computer in a surveillance system
>a PC is a standard item easily maintained, or better still use
>dedicated hardware designed for the purpose
>

You're probably right, I never worked anywhere that required really
good security like a bank...just a small military weapons RDT&E
facility. Security there only consists of full spectrum analog feeds
from a few device managers (each monitoring a number of devices).
Consisting of wave streams from ground movement to infrared optics in
an area of about 2500 square miles. All of the gathering and storage
of these feeds was done on Macs. The resulting data was available on
the intranet.

But yeah, if all you want to do is record a few feeds around your 2500
sqft. office spaces with web cameras, a PC will do fine.
 
xborg
      10-22-2004
I have been in all sides of the security and banking industry. I recommend that
you be very careful in managing your accounts and if you see anything odd
report it right away.

It is easier that your financial information be stolen from other places
than from your bank, but still bank cybersecurity is not what it should be.
Banks have to deal with software vendors and hardware vendors and they all
basically have access to the bank's information. If someone savvy gets access
to the bank's network, then it doesn't matter if the bank has Windows or Unix,
the bank's information is likely to be compromised. One important thing is
that Windows is friendlier than Unix and therefore you need less technical
skill to find what you are looking for.

"Bit Twister" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On 9 Oct 2004 14:35:26 GMT, Juergen Nieveler wrote:
> >>Anonymous via the Cypherpunks Tonga Remailer

> >
> >> When I walk through the lobby of my bank, I see Windows screen savers
> >> running on some computers and Windows menu screens on others. I know
> >> my bank has never heard of MacIntosh or Linux. I hesitate to think
> >> how many spybots and viruses might lurk in those machines.

>
> What I thought was poor security, is the screen facing the window out
> which you see apartments and other buildings.
>
> > None, if the IT staff know what they're doing - and at large banks they
> > usually do.

>
> With all the outsourcing, how would you know. What is worse web pages
> with doubleclick in the pages. Double click gets cracked/infected
> then where are you at.
>
> > I've worked in the IT department of a bank a few years ago, and NO PC
> > was allowed to connect to the Internet.

>
> Not, today. Some allow the account manager to get out.
> In one. the person had to supply id/password.
> Another bank did not require the password.
>



 
Bit Twister
      10-22-2004
On Fri, 22 Oct 2004 12:35:42 -0700, xborg wrote:
> I have been in all sides of the security and banking industry. I recommend that
> you be very careful in managing your accounts


I would second that.

> and if you see anything odd report it right away.


Some banks will let you set email alarms to notify you of activity.
I get an email when $50 or more comes out of the account.
Other banks have software watching withdrawals and anything out of the
norm causes the fraud group to give you a call.

I do run gnucash against each bank statement to verify nothing is amiss.
Beats running a check register.

> It is easier that your financial information be stolen from other places
> than from your bank, but still bank cybersecurity is not what it should be.
> Banks have to deal with software vendors and hardware vendors and they all
> basically have access to the bank's information.


Yes, one bank I tried uses doubleclick.net tracking. Shot them an email
indicating that was pretty _negligent_ of them. That keyword gets
their attention. Asked, What would happen if doubleclick's servers
were to be cracked or doubleclick were to outsource their work to
china/india and that $60 a month employee sold account info for $50,000.

Received something to the effect they have info sharing agreements
with everyone they use. I fired back, BFD, they were still negligent
because they could get webhit stats from their servers and doubleclick
usage was like a locked outside backdoor on a bank vault. Just plain
negligent.

Also told them their webpages were broken because I block doubleclick IP
addies. They did modify their webpages but still used doubleclick on
exit on the sign on page. Wrote one more email telling them why I
moved my accounts elsewhere.

> If someone savvy gets access to the bank's network, then it doesn't
> matter if the bank has Windows or Unix, the bank's information is
> likely to be compromised,


True, but, better chance of that on MS OS if Microsoft only releases
patches once a month or only when a known exploit is found out on the
internet.

> One important thing is that Windows is friendlier than Unix and


With the first six months of this year showing a new virus every other
hour on average I'll agree windows is more friendlier for the bad guys.

> therefore you need less technical skill to find what you are looking for.


All the banks I use, work just fine with linux's firefox, thunderbird
and mozilla. Last year or so, Mandrakelinux/Suse have gotten pretty
user friendly except for the stinking winmodems setup.

I do have a separate account for credit card and bank work. On logout,
the account's files are deleted and restored from a tar file. I have a webpage
with bank urls to pick from to keep me from mistyping the url and I
never click on a url from an email which is yet another user account.
 
Juergen Nieveler
      10-22-2004
"xborg" <(E-Mail Removed)> wrote:

> It is easier that your financial information be stolen from other
> places than from your bank, but still bank cybersecurity is not what
> it should be.


Depends on the bank, of course...

> Banks have to deal with software vendors and hardware
> vendors and they all basically have access to the bank's information.


Definitely not, at least at good banks. They use compartmentalisation
as a security measure just like Intelligence Agencies do... the cashier
will know how much money he can give you, but isn't able to check your
credit rating or check your house loan, for example. And no consultant
gets to see it all, even of their own staff only very few people know
the entire picture.

> If someone savvy gets access to the bank's network, then it doesn't
> matter if the bank has Windows or Unix, the bank's information is
> likely to be compromised,


Depends a lot on their systems, again. I've personally seen the network
diagrams of a large bank computer center (actually, only the parts that
we had to work on), and it was so compartmentalised you wouldn't
believe it - there were firewalls between each department, and rulesets
that were hell to analyse - for example "Port X is open from Net A to
host C via Net B, but not directly from Net B". Firewalls were mixed,
too - mostly Checkpoint and Cisco, naturally

The Admin had a hell of a job - if he wanted to remote-control servers,
he had to remember which net the particular server was in, connect to a
PC (called "Admin-Hop") in a totally different network via something
like PCAnywhere, then launch PCAnywhere THERE to connect to the actual
server. All because the server was in a network that was only allowed
to talk to machines in a specific other network, not anywhere else.

Juergen Nieveler
--
When in doubt empty the magazine.
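
The compartmentalised ruleset and "Admin-Hop" arrangement described in the post above, modelled as an added example that is not part of the original thread: a default-deny rule table keyed on the originating network, a search for the chain of remote-control sessions an admin needs, and an audit for rules that bypass the hop. The net names, port numbers and the stray helpdesk rule are constructed for illustration.

```python
from collections import deque

# Constructed sample ruleset (not from the post). Default deny; each entry
# allows (source net, destination net, TCP port). All names are hypothetical.
REMOTE = 5631  # constructed port number for the remote-control tool
RULES = {
    ("office", "admin-hop", REMOTE),        # admin PC -> hop PC
    ("admin-hop", "core-servers", REMOTE),  # hop PC -> servers
    ("net-a", "net-c", 8443),               # Net A -> host C (routed via Net B)
    ("helpdesk", "core-servers", REMOTE),   # stray rule the audit should catch
}

def allowed(rules, src, dst, port):
    """Default-deny check keyed on the originating net, not the transit net."""
    return (src, dst, port) in rules

def hop_chain(rules, src, dst, port):
    """Shortest chain of remote-control sessions from src to dst, or None."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for s, d, p in sorted(rules):
            if s == path[-1] and p == port and d not in seen:
                seen.add(d)
                queue.append(path + [d])
    return None

def audit_bypass(rules, protected, hop):
    """Rules that let any net other than the hop reach the protected net."""
    return sorted(r for r in rules if r[1] == protected and r[0] != hop)

if __name__ == "__main__":
    print(allowed(RULES, "net-a", "net-c", 8443))   # traffic originating in Net A
    print(allowed(RULES, "net-b", "net-c", 8443))   # traffic originating in Net B
    print(hop_chain(RULES, "office", "core-servers", REMOTE))
    print(audit_bypass(RULES, "core-servers", "admin-hop"))
```

Running the audit against an exported ruleset before each change is a cheap way to notice when a convenience rule has quietly defeated the hop.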
 