Security Basics
Bank Of Montreal Online Security Oct 26 2012 07:07PM
mrtolton gmail com (1 replies)
RE: Bank Of Montreal Online Security Oct 29 2012 02:05PM
Trey Keifer (trey keifer wireharbor com) (1 replies)
RE: Bank Of Montreal Online Security Oct 29 2012 08:19PM
Alexander A. Kelner (a kelner noc brsi ru) (1 replies)
RE: Bank Of Montreal Online Security Oct 31 2012 02:26PM
Dave Kleiman (dave davekleiman com) (1 replies)
RE: Bank Of Montreal Online Security Oct 31 2012 08:49PM
Alexander A. Kelner (a kelner noc brsi ru) (2 replies)
Re: Bank Of Montreal Online Security Nov 01 2012 02:57PM
Juan F. Campos - Computalleres.com (jfcampos computalleres com) (1 replies)
Re: Bank Of Montreal Online Security Nov 01 2012 06:23PM
Alexander A. Kelner (a kelner noc brsi ru)
Re: Bank Of Montreal Online Security Nov 01 2012 01:53PM
Alexander Meesters (a meesters sansyl com) (2 replies)
RE: Bank Of Montreal Online Security Nov 01 2012 04:24PM
Hough, Kenneth P (kenneth phough WPI EDU) (1 replies)
RE: Bank Of Montreal Online Security Nov 01 2012 06:31PM
Alexander A. Kelner (a kelner noc brsi ru) (1 replies)
Re: Bank Of Montreal Online Security Nov 01 2012 08:36PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Bank Of Montreal Online Security Nov 02 2012 05:09AM
Davin Enigl (davinenigl comcast net) (1 replies)
RE: Bank Of Montreal Online Security Nov 02 2012 10:01AM
Mike Vella (mike bakerross co uk)
HI, been following this interesting discussion.
I believe 2 factor authentication is a must for this type of thing. PCi
compliance?
Why leave yourself open to any type of attacks when it can easily be
avoided.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Davin Enigl
Sent: 02 November 2012 05:09
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Bank Of Montreal Online Security

You are fooling yourself guys. If it's published (as below), it's in a
database and crackable. Better: use OTP tokens. There will be no re-play
attacks possible.

Besides, keyloggers capture your static passwords no matter what you come up
with. Use an OTP like Yubikey. I's 44-63 random characters long and
different every time. Static passwords are obsolete.

On 11/01/2012 01:36 PM, Michael Peppard wrote:
> Take 'old o' the Wings o' the Mornin', An' flop round the earth till
> you're dead
>
> Good luck cracking that password. Kipling's Widow at Windsor for those
> that don't recognize it.

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate. We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
d1
------------------------------------------------------------------------

The contents of this e-mail and any attachments are the property of Baker Ross Limited\Yellow Moon UK Ltd and are intended for the confidential use of the named recipient(s) only. They may be legally privileged and should not be communicated or relied upon by any person without our express written consent. If you are not the addressee please notify the sender immediately. Any files attached to this e-mail will have been checked with virus detection software before transmission. However you should carry out your own virus check before opening any attachment. Baker Ross Limited\Yellow Moon UK Ltd accepts no liability for any loss or damage which may be caused by software viruses. Baker Ross Limited\Yellow Moon UK Ltd may monitor email traffic data and also email content for the purposes of security and staff training.Baker Ross Ltd\Yellow Moon UK Ltd cannot guarantee the accuracy or completeness of this email after it is sent from the originator over the internet and accepts no responsibility for changes made after it was sent. Any opinion expressed in this email is personal to the author and may not necessarily reflect the opinions of Baker Ross Ltd\Yellow Moon UK Ltd.

Baker Ross Limited registered in England, registered number 1604275, VAT Reg No. GB 375 5220 52.
Yellow Moon UK Limited registered in England, registered number 4781729, VAT Reg No. GB 811 5660 50.

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Bank Of Montreal Online Security Nov 01 2012 04:12PM
Davin Enigl (davinenigl comcast net)


 

Privacy Statement
Copyright 2010, SecurityFocus