Goto Blog Home PageRevell Research Systems: Alastair Revell's Web Log
On this page....
Cardiff University Researchers Claim HSBC's Online Security Flawed
Archive
<October 2008>
SunMonTueWedThuFriSat
2829301234
567891011
12131415161718
19202122232425
2627282930311
2345678

RSS 2.0     Atom 1.0     CDF

Summary
September, 2008 (2)
June, 2008 (1)
May, 2008 (1)
March, 2008 (2)
February, 2008 (1)
November, 2007 (2)
October, 2007 (2)
September, 2007 (5)
August, 2007 (5)
July, 2007 (5)
June, 2007 (1)
May, 2007 (3)
April, 2007 (4)
March, 2007 (2)
February, 2007 (3)
January, 2007 (3)
November, 2006 (5)
October, 2006 (4)
September, 2006 (4)
August, 2006 (3)
July, 2006 (4)
June, 2006 (7)
March, 2006 (1)
February, 2006 (1)
January, 2006 (4)
Search
Navigation
Home
Revell Research Systems
Revell Research Systems Blogs
Alastair Revell
Microsoft Patterns & Practices
University of Birmingham
University of Plymouth
Categories
 
 
 
 
 
 
 
 
Blog Roll
RSS 2.0 Brad Abram
RSS 2.0 Clemens Vasters
RSS 2.0 David Maister
RSS 2.0 Grady Booch
RSS 2.0 Harry Pierson
RSS 2.0 Joe Hummel
RSS 2.0 Nick Robinson
RSS 2.0 Robin Bloor
RSS 2.0 Scott Hanselman
RSS 2.0 Seth Godin
RSS 2.0 Sir Tim Berners-Lee
RSS 2.0 The Orange Rag
RSS 2.0 Tom Hollander
RSS 2.0 Tom Mertens
About Alastair Revell
Alastair Revell is the Managing Consultant of Revell Research Systems, a Management and Technology Consulting Practice based at Exeter in the United Kingdom.
Contact Alastair Revell
 EMail Alastair Revell Email Me
Copyright

© 2008 Alastair Revell

Legal & Other Notices

Terms of Use

About Alastair Revell

About this Blog

Sign In
Sign In
Disclaimer
The material published in this web log is for general purposes only. It does not constitute nor is it intended to represent professional advice. You should always seek specific professional advice in relation to particular issues. The information in this web log is provided "as is" with no warranties and confers no rights. The opinions expressed herein are my own personal opinions.

Web Log Home | Welcome to this Web Log | Using this Web Log | New to Blogs? | About Revell Research Systems | Contact Details

Review Entries for Day Friday, August 11, 2006

Cardiff University Researchers Claim HSBC's Online Security Flawed

I was interested to read the BBC article highlighting the concerns of Professor Antonia Jones and her team at Cardiff University regarding the security of the HSBC Online Banking Web Site, particularly in light of my earlier blog entry.

It seems that Professor Jones believes that there are serious flaws in the way that HSBC's online customers access the bank's web facilities. These seem to centre around key logging (the recording of key strokes by either hardware or software tools). The problem with key logging is that the keystrokes are captured before they are encrypted as part of the secure connection between the user's web browser and the bank's web site. This means that user names and passwords are easily captured and can be relayed to the perpetrator.

Personally, I no longer use third party computers (except those where we are responsible for their security) to conduct any confidential transactions. The risks are simply too great and I would certainly not recommend anyone else doing so either.

According to the BBC, the bank says that the "problem does not pose a serious threat to its customers", although the Cardiff researchers suggest that anyone exploiting the flaw would gain access to an account within nine attempts.

More about Alastair Revell

Friday, August 11, 2006 5:07:06 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Security | Trackback Tracked by:
"Online Bill Pay" (Online Bill Pay) [Trackback]

RSS 2.0 Feed If you enjoyed reading an article on this blog, why not subscribe to the RSS 2.0 feed to receive future articles?
   
Revell Research Systems Logo Visit the Revell Research Systems Web Site if you want to learn more about this management and technology consulting practice.