|
lw@zi wrote: Come to think of it, with Aussies and their compulsive behaviour to shorten up words, you might as well be referred to as Raj.
It's kind of why I said it's likely to be "another Raj". That, and the outsourcing to India.
|
|
|
|
|
Thanks! It is very refreshing to hear from others who really loathe these bad policies too.
|
|
|
|
|
Does your password manager not offer an option to simulate keystrokes to enter your password, rather than blindly relying on the clipboard?
(I have no idea - I don't use a password manager - at least nothing that'll try to type in anything for me out of "convenience")
|
|
|
|
|
dandy72 wrote: Does your password manager not offer an option to simulate keystrokes
Simulating keystrokes is more difficult in an Android app and it is the Android app that they (bank) removed the paste ability from.
|
|
|
|
|
I see.
As far as I'm concerned...considering the number of Android devices out there that have known exploits that'll never be patched, because OEMs can't be bothered...all banks should block Android altogether.
I rarely side with banks, but Android device vendors are downright irresponsible. IMNSHO.
|
|
|
|
|
Ok, I can accept that Android devices are vulnerable. That's fine.
But, then, the resolution for the bank is not to disallow pasting...it is to disallow the use of an Android device altogether. In other words, they shouldn't have ever created an Android app in the first place. I would accept that decision more readily than the blocking paste solution.
But then that would mean they needed to block the web site from Android Web browsers too.
It would be interesting and funny if the bank just came out and said, "Sorry, you can only use our e-banking via Apple devices."
|
|
|
|
|
|
raddevus wrote:
I contacted them (via their Twitter support) and explained that this is a security fallacy that pasting is dangerous. Write a piece for the local newspaper, based on facts, explaining how the bank either does not take security seriously, or is run by incompetents.
And be sure to name the bank by name
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
|
If you get the paper to publish your letter...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
You better stock up on lawyers then
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
Eddy Vluggen wrote: You better stock up on lawyers then
Exactly why I have not written the article.
However, did you see the update to my post?
I found an article from the National Cyber Security Centre which also has links to Troy Hunt's explanation on why pasting is safe and important and it has a link to a Wired article 2015 which has very interesting info on why pasting should(must) be available in apps.
|
|
|
|
|
So, if I find the tweet, I'll know the bank by name?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
|
I don't have/use twitter; I assumed all tweets were public
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
raddevus wrote: But how could the paste functionality EVER be an exposure? In order to paste, you have to have previously copied your password to the clipboard, and it stays there until cleared. That's a security risk right there.
Actually, I've been concerned about copying my password to the clipboard for a while now.
|
|
|
|
|
patbob wrote: and it stays there until cleared
Not if you're using a decent password manager. For example, KeyPass gives you a 30-second countdown, and then clears the clipboard.
Although quite how that will work with the new "Cloud Clipboard" feature remains to be seen.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
patbob wrote: Actually, I've been concerned about copying my password to the clipboard for a while now.
But to get to the clipboard the malicious software* has to be running something that runs in your user context and that means your computer is already taken over.
Also, that is why they could allow just the paste functionality because it would be up to the user then to copy into the clipboard or not.
Fear of paste is akin to not allowing the user to turn on the oven because a malicious person may have placed a stick of dynamite in it unbeknownst to the cook.
*Here's an explanation of this principle at stackoverflow (see item marked as answer) -- Is a password in the clipboard vulnerable to attacks? - Information Security Stack Exchange[^]
|
|
|
|
|
raddevus wrote: But to get to the clipboard the malicious software* has to be running something that runs in your user context and that means your computer is already taken over. Or you are running remote desktop in a windows server...
Then you can paste what other person has copied (And yes... this is true, and I don't know what to do: To cry or to laugh)
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
raddevus wrote: I contacted them (via their Twitter support) and explained that this is a security fallacy that pasting is dangerous.
To which the customer support drone, who knows nothing of technology or security, presumably replied with the canned "This is for your protection" response?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
|
|
Not being able to past my password or using a password manager will force me to use a password that potentially are unsafe because I need to write them down or they are easy to guess.
|
|
|
|
|
sir_download_alot wrote: will force me to use a password that potentially are unsafe
Exactly! It just makes no sense to remove paste functionality.
|
|
|
|
|
Hi all,
My mother uses an all in one computer.
Windows 10 x64 installed...
Cursor gets stopped each few seconds, making it really annoying to work with it...
If I start Windows in Safe Mode, then it works like charm.
Tried to find and update all drivers but now luck.
Malwarebytes and windows defender have not found anything there...
How would you diagnose/solve it?
PS: No battery problems here...
As always, thank you in advance!
modified 23-Sep-18 16:07pm.
|
|
|
|