Comments on: Sacrificing a Lot of Security for a Small Gain in Usability

By: “News Alert: Irish Broadband Routers Totally Secure” | James Galvin

Tue, 09 Oct 2007 22:14:06 +0000

[...] for “crack wpa”, even if the encryption method is somehow 100% unbreakable, just ask Paypal what happens when you allow the user to pick his own [...]

By: dahamsta

dahamsta — Sun, 26 Aug 2007 18:06:13 +0000

Jesus don’t say challenge/response James, you’ll have the anti-spam C/R dickheads in here.

By: James

James — Sun, 26 Aug 2007 17:33:12 +0000

Speaking of banks… that reminds me about their policy to check up on credit cards. I got a TEXT MESSAGE once along the lines of

IMPORTANT!! Ring BOI Credit Card Services @ 01 xxxxxx ASAP!

Turned out it was legit, but I certainly didn’t ring the number they sent me (I rang the number on the back of my card). That is a good point though, there should be a challenge/response allowing us to verify the bank’s identity.

By: dahamsta

dahamsta — Sun, 26 Aug 2007 15:04:07 +0000

My favourite is when the bank rings me an prepares to ask a security question. I always interrupt them and say:

“Sorry, you rang me (without caller id). I know who I am, I don’t know who you are. I should be asking you security questions.”

They usually go “huh”, because they’re automatons just doing what their told anyway. No imagination, no security.

On DNS, when ISPs and other orgs ask me to authenticate using a fax “for security reasons”, I call them on it. It’s for ass-covering, not security.

adam

By: University Update - North Carolina State - Sacrificing a Lot of Security for a Small Gain in Usability

Sat, 25 Aug 2007 13:21:40 +0000

[...] Forest University Sacrificing a Lot of Security for a Small Gain in Usability » This Summary is from an article posted at James Galvin on Saturday, August 25, 2007 Itâ€™s [...]