Watch your Wachovia Bank Account

Discussion in 'Community Discussion' started by SC68Cal, Jul 11, 2007.

  1. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #1
    MR members, this was posted to the Full Disclosure mailing list. I'd be careful about signing into your Wachovia online banking portal. Very careful. BTW, MITM stands for "Man In The Middle".

     
  2. janey macrumors 603


    Joined:
    Dec 20, 2002
    Location:
    sunny los angeles
    #2
    stuff like this gets posted to full-disclosure all the time, and it also happens all the time. also if you read some of the replies so far, there are worse holes and other ways to get the same info. sooo...

    edit: personally i wouldn't worry about the possibility of a MITM attack not addressed by Wachovia as much as I would about the PEBKAC on the user's end.
     
  3. SC68Cal thread starter macrumors 68000

    Joined:
    Feb 23, 2006
    #3
    Jim Popovich's worries about it being
    Doesn't count.

    I only get the digests so maybe you're ahead of the game.
     
  4. janey macrumors 603


    Joined:
    Dec 20, 2002
    Location:
    sunny los angeles
    #4
    Agreed, but more trivial sources for that kind of information exist. It's unacceptable, but it's not like problems don't exist on the user end despite what banks try to do to maintain some semblance of security.

    You know, like those huge numbers of people who ignore SiteKeys and write passwords down on Post-it notes...
     
  5. SC68Cal thread starter macrumors 68000

    Joined:
    Feb 23, 2006
    #5
    Yeah. There's a problem with it though. I'm on the fence about the 90 day password change policy.

    If you make it too strict your users are going to forget it, write it down, or basically do anything they can to circumvent the policy.

    At the same time, if you don't have any password policy you're asking for lots of trouble.

    I guess you get paid the big bucks to find a happy medium between the two. I mean we were discussing this very same issue yesterday. I can't sit in front of 24 people and help them figure out Office 2007 then expect them to understand and function under a very strict 90 day password policy.
     
  6. Fairly macrumors regular

    Joined:
    Sep 24, 2006
    Location:
    Cambridge UK
    #6
    Not that banks haven't let people down and screwed them in the past but today they're very tight with money. It's just that they don't understand the Internet. Like everyone they rush into things because everyone else is doing it. And no, I wouldn't trust them either if they're transmitting without encryption. It's really no big thing until it happens to you and then it's a very big thing. Doing banking online is crazy. Many of these banks run Microsoft servers and how much crazier can you get anyway.
     
