Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersNorton Internet banking
geocom

597 posts

Ultimate Geek
+1 received by user: 143

Subscriber

#270656 20-May-2020 16:33
Send private message

Just seen this news article https://www.geekzone.co.nz/content.asp?contentid=23249

 

Anyone done some more research into this but from what i have read from a quick google search Norton are actually selling a Man in the middle attack as security!

 

Is there more to this than i'm missing but from first impressions wow that's bad.




Geoff E

Create new topic
antonknee
1133 posts

Uber Geek
+1 received by user: 1145


  #2487327 20-May-2020 18:05
Send private message

Yeah I read that Geekzone article this afternoon and had to wonder what exactly the point of that was. I can't see much value in it personally.



geocom

597 posts

Ultimate Geek
+1 received by user: 143

Subscriber

  #2487341 20-May-2020 18:38
Send private message

https://support.norton.com/sp/en/au/home/current/solutions/v131585157 the last item confirms my suspicions. So yes it is as bad as it looks.

 

If you have norton you really should disable this. Not only will you break the banks protections I would expect this would violate your banks terms of service.




Geoff E

OldGeek
989 posts

Ultimate Geek
+1 received by user: 409

ID Verified
Lifetime subscriber

  #2487389 20-May-2020 20:35
Send private message

Call me a novice here - but my basic understanding with NZ banks in particular is that:

 

     

  1. Every bank has its own URL and that using any URL that is not that of their Internet Banking service is insecure (at least).  I am with the ANZ, so internet banking should always be with an anz.co.nz website.
  2. Your bank guarantees the integrity of their website as in (1).
  3. The use of any third party service (such as that promoted by Norton) potentially invalidates (2).

 

My approach to this would be to look at my bank's documentation on Internet Banking security, or to ask my bank direct, if there is any value-add to a third party Internet Banking security product.  If the bank recommends such products consider the product bank-endorsed, if not consider it valueless.

 

Am I wrong?




-- 

OldGeek.

 

Quic referal code: https://account.quic.nz/refer/581402 and use this code for free setup: R581402E48MJA



michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2487407 20-May-2020 21:17
Send private message

While I work for a large bank which many of you guys know about what I am about to say is on a more unofficial level and relates to all banks here in NZ.

 

As you know, all banks have a Internet Banking term of service. You're best to check with your own bank regarding this, but for most of them it basically says "only login to Internet Banking on your own computer, and keep your details away from third parties", breaching this is essentially breaching the banks trust to you as a customer as you're both putting yourself and them at risk. If they have any suspicion that you've leaked your internet banking details to a third party this could mean you're not covered for any fraud that may occur down the line.

 

Lets use the following example. Customer uses POLi and logs into their internet banking. As they've provided their details to a third party (and the bank can very easily pick up on this) they have breached their internet banking terms and conditions. Now imagine if that same customer gets phished, or is reusing passwords (by the way - keep track on https://haveibeenpwned.com for this aspect) and a large sum of money gets transferred out of their account by any third party, the bank can turn around and say "nope" to refunding that money back as the customer put themselves at risk of fraud and what's to say the reason for the leak was POLi.

 

This is why banks don't allow such systems, and why systems like POLi as an example make me nervous as there is no knowing, apart from their word what information is collected, how secure their systems are etc. Banks are a huge target as it is but allowing such systems access to your internet banking widens this target.

 

Security software is also not safe from compromise. Take a look at Kaspersky as an example which has seen several high profile incidents.

 

So, with my security hat on, and my banking hat off, until I have fully verified what Norton is doing here (however on the surface it does appear they are doing a man in the middle) you're not only breaching your internet banking terms of service by using such a tool (unless, if your bank has explicitly allowed this) but you may be putting yourself at further unnecessary risk. I'm in no way qualified to make an official statement for whom I work for hence why I have not named any names. Most banks protect you and have rather sophisticated detection for common malware baked into their internet banking - if you behave, then believe me when I say your bank will look after you.

 

Also, seriously, ensure all your devices are up-to-date with the latest operating system patches / releases. This includes anyone holding back on updating their iPhone or iPad to the latest version of iOS.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

lNomNoml
1840 posts

Uber Geek
+1 received by user: 521

ID Verified

  #2487414 20-May-2020 21:46
Send private message

geocom:

 

https://support.norton.com/sp/en/au/home/current/solutions/v131585157 the last item confirms my suspicions. So yes it is as bad as it looks.

 

If you have norton you really should disable this. Not only will you break the banks protections I would expect this would violate your banks terms of service.

 

 

If you use anything Norton you should switch.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright