ARP-spoofing defense

Brandon Stout bms at mscis.org
Mon Mar 19 08:34:35 MDT 2007


   [1]plug.org at 2nerds.com wrote:

On Sun, 18 Mar 2007, Von Fugal wrote:


Unfortunately, with Zions, at least as far as I've seen, the "username"
that they use is your SSN.


You may not have looked far enough.  I do my dad's online banking
(bill paying) with Zions when he's away, and his banking username has
nothing to do with his SSN.  I make no claim about the overall
security of their login process--I just offer empirical evidence that
for this particular bank, username does not necessarily equal SSN.

Chris


   I avoid banks - go Credit Unions! Bank is, after all, a 4 letter
   word...  Most banks and credit unions use http for the front page and
   other public pages.  Encryption increases bandwidth usage, so for
   large banks this makes sense.  When you submit your password, it
   switches to https to encrypt your user name/password combo.  Use a
   packet sniffer to make sure, but usually, even when the login page is
   http, your password will get sent https.

References

   1. mailto:plug.org at 2nerds.com



More information about the PLUG mailing list