<div dir="auto"><div>Hi,</div><div dir="auto"><br><div class="gmail_extra" dir="auto"><div class="gmail_quote"><blockquote class="m_-1495664842038483321quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="m_-1495664842038483321quoted-text"><br>
<br>
<br>
</div>&lt;snipped&gt;<br>
<br>
Dear Arun,<br>
<br>
<rant><br>
<br>
Thank you for sharing those links. I have seen these on so many Indian<br>
sites including our own Income Tax Department (to file ITR Returns)<br>
that it has become a joke.<br>
<br>
There is a term called 'Security theater'<br>
<a href="https://en.wikipedia.org/wiki/Security_theater" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/<wbr>Security_theater</a> which is apt for this<br>
occasion.<br>
<br>
To top it with the new Firefox release, you cannot even use addons<br>
like Certificate Patrol to see what kinds of TLS encryption the site<br>
<a href="https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/" rel="noreferrer" target="_blank">https://addons.mozilla.org/en-<wbr>US/firefox/addon/certificate-p<wbr>atrol/</a> . I<br>
have seen lots of reputable sites using pretty poor ciphers for<br>
encryption and for end-users there is no reasonable way for them to<br>
take a call as to what's best or needs to be changed, including most<br>
of the private and public banks.<br></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra" dir="auto"><div class="gmail_quote"><blockquote class="m_-1495664842038483321quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Security is all about the risk that you can take. It has nothing much to do with anything else.<br></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto">If you are covered under some assurance/insurance from the bank or other such authorities, you should not bother much about the criticality of the cyphers etc.</div><div dir="auto"><br></div><div dir="auto">It's your (users) call to accept the risk or not.</div><div dir="auto"><br></div><div dir="auto">BTW</div><div dir="auto"><br></div><div dir="auto">Even RBI uses some certificate issued by private parties. (Not Indian)</div><div dir="auto"><br></div><div dir="auto">Regards</div><div dir="auto">Sudhanwa</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra" dir="auto"><div class="gmail_quote"><blockquote class="m_-1495664842038483321quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"></blockquote></div></div></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_extra" dir="auto"><div class="gmail_quote"><blockquote class="m_-1495664842038483321quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><br>
FWIW I have written to some banks whose customer I am and had been<br>
thinking of shifting to digital platforms but haven't received any<br>
sort of substantial answers from them.<br>
<br>
What you have highlighted is that only 0.0001 percent fools like us<br>
want security and are a bit paranoid like us. The rest just go about<br>
their merry way.<br>
<br>
I don't have solutions other than building awareness on the bottom of<br>
the pyramid but that is kind of slow death. When people are ready to<br>
give their fb usernames and passwords at the drop of the hat without<br>
doing any social engineering then this feels like a long task<br>
<br>
</rant><br>
<br>
I do wish we had better ways to enhance and mass-reach on sensitive<br>
topics like these.<br>
<font color="#888888"><br>
--<br>
Regards,<br>
Shirish Agarwal शिरीष अग्रवाल<br>
My quotes in this email licensed under CC 3.0<br>
<a href="http://creativecommons.org/licenses/by-nc/3.0/" rel="noreferrer" target="_blank">http://creativecommons.org/lic<wbr>enses/by-nc/3.0/</a><br>
<a href="http://flossexperiences.wordpress.com" rel="noreferrer" target="_blank">http://flossexperiences.wordpr<wbr>ess.com</a><br>
EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8<br>
______________________________<wbr>_________________<br>
plug-mail mailing list<br>
<a href="mailto:plug-mail@plug.org.in" target="_blank">plug-mail@plug.org.in</a><br>
<a href="http://list.plug.org.in/listinfo/plug-mail" rel="noreferrer" target="_blank">http://list.plug.org.in/listin<wbr>fo/plug-mail</a><br>
</font></blockquote></div><br></div></div></div>