Goto Blog Home PageRevell Research Systems: Alastair Revell's Web Log
On this page....
Archive
<December 2019>
SunMonTueWedThuFriSat
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234

RSS 2.0     Atom 1.0     CDF

Summary
Search
Navigation
Categories
Blog Roll
About Alastair Revell
Alastair Revell is the Managing Consultant of Revell Research Systems, a Management and Technology Consulting Practice based at Exeter in the United Kingdom.
Contact Alastair Revell
 EMail Revell Research Systems Limited Email Me
Copyright
Legal & Other Notices
Sign In
Disclaimer
The material published in this web log is for general purposes only. It does not constitute nor is it intended to represent professional advice. You should always seek specific professional advice in relation to particular issues. The information in this web log is provided "as is" with no warranties and confers no rights. The opinions expressed herein are my own personal opinions.

Web Log Home | Welcome to this Web Log | Using this Web Log | New to Blogs? | About Revell Research Systems | Contact Details

Review Entries for Day Friday, August 11, 2006

I was interested to read the BBC article highlighting the concerns of Professor Antonia Jones and her team at Cardiff University regarding the security of the HSBC Online Banking Web Site, particularly in light of my earlier blog entry.

It seems that Professor Jones believes that there are serious flaws in the way that HSBC's online customers access the bank's web facilities. These seem to centre around key logging (the recording of key strokes by either hardware or software tools). The problem with key logging is that the keystrokes are captured before they are encrypted as part of the secure connection between the user's web browser and the bank's web site. This means that user names and passwords are easily captured and can be relayed to the perpetrator.

Personally, I no longer use third party computers (except those where we are responsible for their security) to conduct any confidential transactions. The risks are simply too great and I would certainly not recommend anyone else doing so either.

According to the BBC, the bank says that the "problem does not pose a serious threat to its customers", although the Cardiff researchers suggest that anyone exploiting the flaw would gain access to an account within nine attempts.

More about Alastair Revell

Friday, August 11, 2006 5:07:06 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Security | Trackback Tracked by:
"Online Bill Pay" (Online Bill Pay) [Trackback]


Comments are closed.
RSS 2.0 Feed If you enjoyed reading an article on this blog, why not subscribe to the RSS 2.0 feed to receive future articles?
   
Revell Research Systems Logo Visit the Revell Research Systems Web Site if you want to learn more about this management and technology consulting practice.