[clug] Internet banking and browser compatibility
Sam Couter
sam at couter.id.au
Tue Feb 17 10:28:42 GMT 2009
Alex Satrapa <grail at goldweb.com.au> wrote:
> How do I use Internet banking from my office once I've got an SSL
> certificate for my browser at home?

Aren't X.509 certificates transferable? I should be able to export the
certificate to a USB key and carry it to work, right? Right?

Since client-side authentication is so rarely used, I've never heard of
this being done and I don't know the answer.

> How do I stop the person who just
> broke into my house from clearing out my bank account before I get home?

That bit's really easy, just lock your keystore with a hard-to-guess
passphrase.

Note that you're still vulnerable to rubber hose attacks *after* you get
home.

> Note that I wouldn't recommend using Internet banking from the office in
> the first place since so many workplaces these days are installing HTTPS
> proxies that do stupid stuff like generate certificates for the sites
> that you're visiting on the fly, so your browser will happily report that
> the hostname and certificate match.

Does anybody work anywhere that actually does this? I've heard of it as
a theoretical attack, but not even the network nazis where I work do
this.

--
Sam Couter | mailto:sam at couter.id.au
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C