[clug] Internet banking and browser compatibility

Sam Couter sam at couter.id.au
Tue Feb 17 10:28:42 GMT 2009

Alex Satrapa <grail at goldweb.com.au> wrote:
> How do I use Internet banking from my office once I've got an SSL  
> certificate for my browser at home?

Aren't X.509 certificates transferrable? I should be able to export the
certificate to a USB key and carry it to work, right? Right?

Since client-side authentication is so rarely used, I've never heard of
this being done and I don't know the answer.

> How do I stop the person who just  
> broke into my house from clearing out my bank account before I get home?

That bit's really easy, just lock your keystore with a hard to guess

Note that you're still vulnerable to rubber hose attacks *after* you get

> Note that I wouldn't recommend using Internet banking from the office in 
> the first place since so many workplaces these days are installing HTTPS 
> proxies that do stupid stuff like generate certificates for the sites 
> that you're visiting on the fly, so your browser will happily report that 
> the hostname and certificate match.

Does anybody work anywhere that actually does this? I've heard of it as
a theoretical attack, but not even the network nazis where I work do
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/linux/attachments/20090217/9706d738/attachment.bin

More information about the linux mailing list