Re: [PEN-TEST] Home-Banking PEN-TESTING

[Rafael Coninck Teigao <rafael () SAFECORE NET>]

I'm not cracking the client machine. I'm asking that if it is possible
to
someone to crack the client machine and get the password, should the
bank
hold liability for it? I already broke into my own machine for that
purpose, so I know it is vulnerable.

    []'s,
    RCT.


Erik Tayler wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I do not believe the bank even has the right to have you test
> personal computers that are housed in a residence. Ask a lawyer to be
> certain, but that seems like a large invasion of privacy. I have
> previously used home-banking, and I would be furious if my bank hired
> people to break into my home network. I think one could consent to
> such a service, I am not saying it is un-performable, but it sounds
> like a pain to get such permission from everyone subscribing to the
> home-banking system. Sniffing someone while they are transferring
> sensitive information is just as effective as breaking into their
> network/pc. None of what I just said is of any relevance if you are
> not referring to the consumers that actually access the bank via
> modem or web-interface to view their financial data.
>
> Erik Tayler
> 14x Network Security
> http://www.14x.net

--
-------------------------------------------------------------------------------
And the Raven, never flitting, still is sitting, still is sitting
On the pallid bust of Pallas just above my chamber door;
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp - light o'er him streaming throws his shadow on the floor;
And my soul from out that shadow that lies floating on the floor
Shall be lifted - nevermore!
        E. A. Poe --> The Raven (c1845)
-------------------------------------------------------------------------------