Path: csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!news.bbs-scene.org!not-for-mail From: "System" Newsgroups: comp.programming Subject: Hacking banks and the defense Date: Thu, 16 Jun 2011 07:15:44 -0700 Organization: Vertrauen Lines: 21 Message-ID: <4DFA1010.109494.usenet_compprog@vert.synchro.net> NNTP-Posting-Host: vert.synchro.net Content-Type: text/plain; charset=IBM437 Content-Transfer-Encoding: 8bit X-Trace: news.bbs-scene.org 1308235170 25734 64.148.159.105 (16 Jun 2011 14:39:30 GMT) X-Complaints-To: abuse@bbs-scene.org NNTP-Posting-Date: Thu, 16 Jun 2011 14:39:30 +0000 (UTC) To: All X-Comment-To: All X-FTN-PID: Synchronet 3.15a-Win32 Debug Apr 27 2011 MSC 1600 X-Gateway: vert.synchro.net [Synchronet 3.15a-Win32 NewsLink 1.92] Xref: x330-a1.tempe.blueboxinc.net comp.programming:477 Even using the public cyphers and SSH2 (which is completely open source) https over compounded ssh2 cyphers would require millions of packets to crack and their wouldn't be anywhere near that many between server and client. Almost anyone could make an easy to use sniffer and ssl/https cracker.. using the open source of ssh, public cyphers, and the packets themselves.. you don't need more than a single transmission. How difficult would building a distributed sniff and hack bank attack be? It would be very easy. Client <=> SSL/HTTPS <=> SSH2 (cypher 1) <=> SSH2 (cypher 2) <=> SSH3 (cypher 3) <=> SSL/HTTPS <=> Server is what should be immediately implimented. Client <=> SSL/HTTPS <=> Server is what the banks currently use for online banking. Securecom 1.2 is up... uptime not %100 magizian.hopto.org ssh -2C -p 20022 -l user magizian2.dyndns.org password is freeaccess Magizian Underground --- Synchronet 3.15a-Win32 NewsLink 1.92 * Vertrauen - Riverside County, California - telnet://vert.synchro.net