RE: Client Computer Registration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



rich(ard)...

not knowing what keybank is doing.. i really can't comment much on their
approach...

however, if they are creating a unique identifier for the targeted computer,
it's not some string/cookie residing in a file on the harddrive... in fact,
the unique ID would be based on the physical hardware components of the
pc... which essentially locks the ID with the given hardware. it's been
shown (not 100%) that this kind of approach is really reasonable, even
though you might remove/update various hardware components of the machine...

but none of this is tightly coupled to php...

peace..

-----Original Message-----
From: Richard Lynch [mailto:ceo@xxxxxxxxx]
Sent: Tuesday, October 03, 2006 11:07 AM
To: bedouglas@xxxxxxxxxxxxx
Cc: ceo@xxxxxxxxx; 'Rahul S. Johari'; 'PHP'
Subject: RE:  Client Computer Registration


On Mon, October 2, 2006 4:19 pm, bruce wrote:
> actually richar, and others...
>
> depending on what they're doing, it's quite alot to it.

I sincerely doubt that it is, and apologize in advance to Keybank if
it is, but I suspect they just plain don't know what they are doing...

I certainly wouldn't use their site without a LOT more research!

> if the bank is being agressive, they might be requiring a client app
> to be
> downloaded and is then able to communicate with the client app,
> thereby
> getting a great deal more information. a few companies have begun the
> process of not just dealing with authorizing the user, but the
> computer/device as well. and it really makes sense. in this way, i as
> a
> business can state with a high degree of confidence that the computer
> in the
> house (assuming i as a business were to take it that far) was used for
> the
> transaction in question...

Until the Bad Guys write a virus/Trojan that finds that file, and
copies it up to their server, so they can then put it on their
computer, and thus take over your identity, without even cracking SSL.
[shudder]

> furthermore, if the dispute isn't satisfied, i can then add the
> computer to
> a "blacklist" of devices.. if enough companies use this kind of
> system, and
> the database is large enough, it becomes an additional tool to use to
> minimize online transaction abuse...

Yeah, that RBL is really effective and has very few false positives to
it...

[that was sarcasm, just in case you didn't catch it...]

There are simply going to be too many records, too many false
positives, and *way* too many issues with this.

It can not be made to work.

That doesn't mean there aren't "experts" out there that disagree with
me and aren't going to go ahead and do it.

It just means *I* will not be using a bank that does things this way.

> as to if people want to be part of this kind of system.. that's a huge
> unknown... to be frank, it does open up a number of potential
> 'privacy'
> issues.. but as scott mcnealy said before.."you have no privacy, get
> over
> it!!"

I am under no illusion about my lack of privacy.

That doesn't mean I want to use a bank that is, based on the limited
info we've discussed here, LEAKING MY BANK ACCOUNT TO THE PLANET...

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux