Security Basics
Re: Bank Of Montreal Online Security Oct 30 2012 11:55AM
Alexander Meesters (a meesters sansyl com) (2 replies)
i dont think brute-force is the issue here, most likely a attack on such a system would be by sql-injection, once they have the credentials its easy enough to utilize rainbow tables in order to get a useable password.

although its unlikely a bank would use a unsave hashing algorithm like md5 or sha1, the rainbow tables available today for those algorithms are up to 12 characters in length.

IMHO they, and for that matter, everybody are far better off using pass-phrases, for example:"i do not like waffles", or "my 2 grand kids are awesome!"
its both easy memorable and though to crack, and far exceeds any available rainbow table out there!

just my 2 cents,

Alex

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Bank Of Montreal Online Security Oct 30 2012 05:35PM
Davin Enigl (davinenigl comcast net) (1 replies)
RE: Bank Of Montreal Online Security Oct 31 2012 06:15PM
Scott Herbert (scott a herbert googlemail com) (1 replies)
RE: Bank Of Montreal Online Security Nov 01 2012 07:58AM
Globalart4u Enquiries (enquiries globalart4u com)
Re: Bank Of Montreal Online Security Oct 30 2012 03:04PM
Davin Enigl (davinenigl comcast net)


 

Privacy Statement
Copyright 2010, SecurityFocus