Products > Test Equipment
Test Equipment Anonymous (TEA) group therapy thread
bd139:
SS7 is a shit. Need to turn off 2G and 3G networks. Diameter on 4g isn’t much better by option as no one bothers with IPSec. Total shit show. Instagram is more secure.
Hence TOTP/HMAC app.
tggzzz:
--- Quote from: bd139 on June 30, 2018, 02:12:06 pm ---Edit: also it’s good enough to shift liability away from the technology provider. “Well you entered the token value. Were you in possession of the token? Oh no? We can’t help you then”
--- End quote ---
Ha! You beat me to it.
Of course that is the reason passwords and PINs are there as well!
Never forget the infamous Halifax and Munden (sp?) case. Ex-policeman objected to phantom withdrawals from Halifax account, they prosecuted him for fraud and he went to jail. The essence of the case was that the (infallible) Halifax records showed he had entered the PIN. Years later it was found to be an inside job.
No doubt there will be a lot of half-baked thoughts about identity. If you want much less half-baked reasoning, then read comp.risks. That is low volume, high SNR, and has been going for 30 years. It always makes fascinating reading about how things don't work - both obviously and subtly. It is the only newsgroup that I reckon all IT and engineering professionals should read.
I read it via the original distribution mechanism, usenet. The archives are available at http://catless.ncl.ac.uk/Risks/ as is a RSS feed.
Cerebus:
A quick heads up: Anybody in the UK who has been getting Metcal envy the last day or two, https://www.ebay.co.uk/itm/oki-metcal-ps-900-soldering-iron-stand/173387210284 - used PS900 outfit, £100 buy it now.
tggzzz:
--- Quote from: bd139 on June 30, 2018, 02:58:48 pm ---SS7 is a shit. Need to turn off 2G and 3G networks. Diameter on 4g isn’t much better by option as no one bothers with IPSec. Total shit show. Instagram is more secure.
Hence TOTP/HMAC app.
--- End quote ---
That's a simplification, of course :)
If you've ever seen a diagram trying to represent all the interconnected systems in a telco, you would start gibbering. There is a whole sub-industry devoted to allowing telecos to interconnect X with Y by introducing a new proprietary "shim" layer.
I'm sure the finance industry is just the same.
bd139:
--- Quote from: Cerebus on June 30, 2018, 03:08:55 pm ---A quick heads up: Anybody in the UK who has been getting Metcal envy the last day or two, https://www.ebay.co.uk/itm/oki-metcal-ps-900-soldering-iron-stand/173387210284 - used PS900 outfit, £100 buy it now.
--- End quote ---
Not a bad price. I did see that and thought I’d buy a nice shiny untouched one :D
--- Quote from: tggzzz on June 30, 2018, 03:09:30 pm ---
--- Quote from: bd139 on June 30, 2018, 02:58:48 pm ---SS7 is a shit. Need to turn off 2G and 3G networks. Diameter on 4g isn’t much better by option as no one bothers with IPSec. Total shit show. Instagram is more secure.
Hence TOTP/HMAC app.
--- End quote ---
That's a simplification, of course :)
If you've ever seen a diagram trying to represent all the interconnected systems in a telco, you would start gibbering. There is a whole sub-industry devoted to allowing telecos to interconnect X with Y by introducing a new proprietary "shim" layer.
I'm sure the finance industry is just the same.
--- End quote ---
Telcos are a nightmare. I am in regular contact with someone who has to fight off the state level entities constantly attacking their core infrastructure. Billing is where telcos go to hell. That’s a tangled web of crazy.
As for finance, going back to 2000ish that was true but bear in mind we are heavily risk managed now after numerous high publicity “events”, things are in pretty good shape across the board. If you look at the backers you will find 1/5th of the staffing these days are security/audit/architecture. Everything is highly modular and carefully decoupled and there are API and integration standards. Plus stuff like Xignite. Most shims you see are aggregators that provide insight or info on other data sources.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version