[LINK] Phishing plumbs new depths for Westpac Customers: XSS

Karl Auer kauer at biplane.com.au
Tue Nov 21 11:39:10 AEDT 2006


On Tue, 2006-11-21 at 11:02 +1100, Rick Welykochy wrote:
> I'm afraid this one might catch all but the technically savvy amongst us.

No - as always, it will catch the careless, the stupid and the ignorant.

The careless, who forget and click on a link in the email rather than
going to the known site and clicking through.

The stupid, who think "it won't hurt just this once".

And the ignorant, who still haven't cottoned on to the simple rule:
Don't click on links in emails.

My banks (all four of them :-) state clearly in many locations that they
will never request information or request any action on my part by
email, and that any important bank information will be sent by post.

People who don't read the contracts and other important information upon
which their savings, livelihood or safety depend are certainly careless,
stupid or ignorant, and possibly all three.

I am NOT defending the banks here; they could do a lot more to make
their systems secure. My Swiss bank gave me a one-time-pad at first;
when my login count rose a bit they sent me a SecurID tag. I log in with
a login name, a password of my choosing, and a SecurID code. Simple and
secure. The Commonwealth still finds a name and password sufficient (!).
The National Australia Bank wants to (wait for it) *send me an SMS with
a one-time-code* when I want to log in. What waste of good breathing air
dreamt that one up?

Regards, K.

PS: True story: I tried to transfer some money from the Commonwealth
bank a few years ago, and struck a daily limit of $5000, with no way
around it. So when I was buying a house in Oz, and knew I'd need to
transfer a deposit out of Switzerland, I rang my Swiss bank and asked
nervously if there were any daily limits on Internet transfers.

  "Yes, sir, I'm afraid there are".
  "Oh dear. How much then?"
  "Four million francs, sir".

Now *that's* a bank :-)

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)



