LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

The current development kernel is...linux-next?

Notes on the Viacom ruling

LWN.net Weekly Edition for July 3, 2008

More DTrace envy

LWN.net Weekly Edition for June 26, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Futile half measures!

Futile half measures!

Posted May 30, 2006 18:45 UTC (Tue) by MortFurd (guest, #9389)
In reply to: Futile half measures! by AnswerGuy
Parent article: Firefox Bon Echo Alpha 3 milestone released

How's this look for a secure solution to online banking:
http://www.hbci-zka.de/english/

Phishing? Not in my house. I don't use a browser to bank, so Phishing doesn't work.

GNUCash does HBCI, and Linux supports darned near all of the card readers (though not all of the card types.) The card does the encryption, but only when I give it the PIN. There are extra secure card readers (with a numeric keypad to enter the PIN) for systems where you can't trust the system so that trojan or keyreader infested systems can't be used to clean out your account. If your account is empty, you sure by gosh did it yourself.

Secure, public/private key encryption (RSA,) an open standard, supported by open software - and used by over 2000 banks. What more could you want? Just one thing:
For banks in other countries to get up off of their duffs and do something right.*

*PS: The german banks are currently in the process of weakening HBCI to allow crappy software and lazy users to use the insecure PIN/TAN system again. Not gonna happen here. I'm sticking with my card and GNUCash.

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.