[LINK] PCs bad for banking: expert

Rick Welykochy rick at praxis.com.au
Thu Mar 17 11:52:44 EST 2005 

Craig Sanders wrote:

 >Specs:
 >> - use a cross platform environment (Java perhaps?)
 >> - distribute the software
 >> - require users to authenticate the application offline (the
 >> inconvenient but functional Advance Bank application, in which you got
 >> the authentication key over the phone, for example)
 >> - do not accept login from an application which cannot verify itself.
 >>
 >> Those are minima, I would fully expect better brains than mine to add to
 >> the list.


 > this does not solve the problem. if the OS is compromised with
 > a keystroke logger, it doesnt matter at all whether the banking
 > application is a browser, a compiled C/C++ app, or a java app. the
 > keylogger will grab the login & password details anyway.

Exactly. I'm amazed that banks do not realise or ackowledge
this fact. If your machine is compromised by a virus, then
no matter *what* software you are running, your bank account
and its contents can be subverted.


> the right fix is to reboot into a virus-free environment.....it's not
> like rebooting is an unusual experience for windows users.

Although I do not use Windows meself, from what I hear, it is well on
nigh impossible to boot into a virus-free environment these days ;)
<chuckle>


> PS: IMO, java is basically crap. it's slow and clumsy and completely
> failed to live up to it's promise of "write once, run anywhere".

Nice to hear some common sense about Java. From a programmer's
perspective, the language is one big pile of bollocks. There is
more to a language and its deployment in the enterprise than just
the language specification and the marketing behind, like the
lie that is "write once, ruin anywhere" (my typo). There is also
the culture behind the language. Of course, bad code can be written
in any language, but there seems to be a commodity style assembley
line approach with Java (as opposed to the guru culture behind
C/C++ and shell programming) that produces really bad implementations
in my experience. Anyway, enough of a whinge. Time for lunch.


cheers
rickw



-- 
_________________________________
Rick Welykochy || Praxis Services

Blessed are the cracked for they let in the light.
      -- Spike Milligan

More information about the Link mailing list