While waiting for ten minutes on "hold" to make an appointment with my local branch of Scotiabank, I had time read through the new "Digital Services Agreement. Most of the eighteen pages were unremarkable, but a couple of things stood out.
When you click "Accept", you are agreeing to not give your password to police if they ask!
You are responsible for maintaining the confidentiality and safekeeping of your Card, Card Number, Username, and Electronic Signature. ... These responsibilities include:
- not voluntarily disclosing your Electronic Signature to anyone else at any time, including any family member, friend, law enforcement agency, or financial institution employee;
You're also agreeing to not use "public" wifi:
(These responsibilities include:) using your own private wireless data connection, and avoiding use of public Wi-Fi services, when you are using the Digital Services;
This of course is from a bank that still refuses to allow Uppercase letters or Special characters in a password.
(Score: 5, Insightful) by pkrasimirov on Thursday September 29 2016, @07:38AM
What's wrong with coffee shop WiFi and SSL?
(Score: 2) by frojack on Thursday September 29 2016, @07:14PM
Ask the pimply faced kid lurking behind his laptop screen in the corner.
He probably already knows what level of SSL your bank is using and may have already tried a downgrade attack on your phone. (How sure are you that your phone isn't still using SSL 3?)
VPNs are actually WORSE [infosecurity-magazine.com] then most new browsers.
No, you are mistaken. I've always had this sig.
(Score: 2) by pkrasimirov on Thursday September 29 2016, @09:21PM
But that is 1) bank's fault at cyber security, 2) user's fault for using the bank and 3) unrelated to the coffee shop wifi. With compromised SSL I am at risk even at home.