Puppy Linux Discussion Forum
banking apps with network vulnerabilities
prehistoric


Joined: 23 Oct 2007
Posts: 1691

Posted: Wed 06 Dec 2017, 22:21    Post subject: banking apps with network vulnerabilities

Here's another installment in the discouraging history of efforts to produce apps for on-line banking that are really secure. Considering the monetary value of the transactions already taking place this should not be acceptable.

Please note that this did not address the possibility that the OS running on the device may have already been hacked, compromising the environment in which the app runs.

My own opinion is that you probably can't rid software requiring hundreds of megabytes for code storage of vulnerabilities. Applying updates also risks introducing new problems.

Apple just went through such a crisis when a new release of "High Sierra" accidentally allowed root login without a password. After a fix for that, a later patch disabled the previous fix.

It is ancient history now, but back in the 1980s I was part of a group that examined some large software projects to learn something about bugs. One discovery was that most big software systems reach statistical equilibrium within a year or two. This is where bugs appear just as fast as they are fixed.

(Anyone who has been tied to software maintenance probably recognizes the "Death March" atmosphere that sets in on the project team when equilibrium is established.)

Another surprise was that the typical bug we were finding one year after release was estimated to turn up once in 2,000 years of individual use. These problems are pretty much impossible to catch through testing anyone can afford.

Now, will someone explain to me why on-line banking from an app on your phone is a good idea?
belham2

Joined: 15 Aug 2016
Posts: 1355

Posted: Thu 07 Dec 2017, 05:31    Post subject: Re: banking apps with network vulnerabilities

prehistoric wrote:


Now, will someone explain to me why on-line banking from an app on your phone is a good idea?



+1

I'd like to see a response from someone who actually "rationalizes" and "defends", at present, doing full online banking from their phone providing access to ALL their accounts. (This same thing applies to sensitive health, insurance, personal, etc, etc data). I know quite a few people, in the security & tech industry overall, within Apple too, and not one of them does "online banking" with their phones----at any level. Not one of them trusts "any" sensitive data to their phones----and these people are responsible for overall development of either the iOS and/or Android.

There's a dirty-secret corollary here: at present, the more educated you are, the more wealthy you are, the less likely you are to use "online banking" with any phone (Apple, Android, or otherwise). It is a not well-kept secret hardly anyone in Silicon Valley handles ALL their online banking through their phones. They do it through setting up separate, non-linked nominal accounts for when they want to use their phone.

Thus, it is not a stretch of the imagination to say that 99.9999% (yes, 5 decimal places) of all "full" (handling their complete accounts) online banking is done by the hoi-polloi, a sort of a massive testwide guinea pig status.

Yet the hoi polloi? They've neither the knowledge and/or wealth to set up multiple accounts (non-linked, separate accounts, reducing their exposure if something happens) and thus seemingly blithely do all their online banking without a worry as to whether it is "safe" or not.

It must be safe! I hear this time and time again when I ask people who "bank" on their phones. They reply, that because the "big" companies wouldn't be telling us to do this IF it wasn't 'safe'....their own employees must do it....and.......so there's no problem.

Sigh...if they only knew


Eventually, phones will become just as "secure" as any other means---to not acknowledge that is to be blind. Same as with wifi vs lan. Same as with end-point network nodes versus origin-to-mid-point network nodes. Until that point, when all this approaches equilibrium, you've gotta have half-a-screw loose to trust your phone to anything sensitive you do in your life.

Do what the people who make this stuff do----be wary, use it minimally, and let the guinea pigs (say the words again: hoi polloi) keep discovering the shortfalls and problems until things are ironed out a bit more.
prehistoric


Joined: 23 Oct 2007
Posts: 1691

Posted: Thu 07 Dec 2017, 10:10

Meanwhile, what about a complete departure from physical banks? Here's today's news.

At current Bitcoin values this would come to about $64 million. This is dwarfed by the size of the hack that brought down Mt Gox. Multiply the 850,000 bitcoins missing from there by $15,000 and you get $12,750,000,000.

Who thought basing a currency on computer security was a good idea?