Exactly!
This is where I'd like to bring focus back on what it really was. Neither is
keybank.com allowing access to a 'registered' computer simply because it's
registered, nor is it laying a file, key or id certificate on the client's
machine to enable it to login. As Wesley pointed out, they are
On Wed, October 4, 2006 2:36 am, Wesley Acheson wrote:
> I don't see how its that much of a secuity risk, they create a ssh
> tunnel. All it does is add an extra layer of authentication. Its not
> like the password requirements are bypassed.
My fault.
Somehow we got fixated on the idea that reg
I don't see how its that much of a secuity risk, they create a ssh
tunnel. All it does is add an extra layer of authentication. Its not
like the password requirements are bypassed.
On 10/3/06, Richard Lynch <[EMAIL PROTECTED]> wrote:
On Tue, October 3, 2006 2:33 am, Wesley Acheson wrote:
> Th
> -Original Message-
> From: Richard Lynch [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 03, 2006 2:10 PM
> To: Wesley Acheson
> Cc: [EMAIL PROTECTED]; php-general@lists.php.net
> Subject: Re: [PHP] RE:[PHP] Client Computer Registration
>
> On Tue, October
o php...
peace..
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 03, 2006 11:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; 'Rahul S. Johari'; 'PHP'
Subject: RE: [PHP] Client Computer Registration
On Mon, October 2, 20
On Tue, October 3, 2006 2:33 am, Wesley Acheson wrote:
> They could also be doing something like giving the client an SSH key
> to download, I've heard of this situation in a bank before.
Is the key tied to my hardware?
At least that stops the virus/Trojan scenario.
But not the petty thief who b
On Mon, October 2, 2006 4:19 pm, bruce wrote:
> actually richar, and others...
>
> depending on what they're doing, it's quite alot to it.
I sincerely doubt that it is, and apologize in advance to Keybank if
it is, but I suspect they just plain don't know what they are doing...
I certainly wouldn
Hey Rahul...
I have seen this also... It's sort of neat and annoying all at the
same time... I am just wondering if it's just a false sense of
security to get more people to use there online banking... although I
did read through their FAQs about this and they are saying they have
been required b
They could also be doing something like giving the client an SSH key
to download, I've heard of this situation in a bank before.
Though it does seem more likely that their just using cookie based
authentication
-
From: "Rahul S.
On 02 Oct 2006, at 15:11 , Richard Lynch wrote:
And they'd have to be complete and total idiots to use the IP address
for authentication/identification.
This is Key Bank. Morons goes without saying.
Though, honestly, if this is your BANK, they've really got no business
allowing you to "regis
ity.com
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Monday, October 02, 2006 2:11 PM
To: Rahul S. Johari
Cc: PHP
Subject: Re: [PHP] Client Computer Registration
On Mon, October 2, 2006 7:07 am, Rahul S. Johari wrote:
> I saw this at the Key.Com website for K
On Mon, October 2, 2006 7:07 am, Rahul S. Johari wrote:
> I saw this at the Key.Com website for Keybank Customers. When you go
> to
> their website to login to view your account, they ask you to register
> your
> computer for the first time. Once your computer is registered, you can
> access the ac
Ave,
Yes I doubted MAC address could be recorded so easily, and I highly doubted
Key.Com's application had anything to do with a MAC Address.
If it's Cookie-Based, then in my opinion it's more of a 'show' then any
actual, vital security implementation. I have everything from Cookies, IP
Filter,
Rahul S. Johari wrote:
I saw this at the Key.Com website for Keybank Customers. When you go to
their website to login to view your account, they ask you to register your
computer for the first time. Once your computer is registered, you can
access the account using that computer. You can choose t
14 matches
Mail list logo
