#psd2

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@katrinakatrinka" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>katrinakatrinka</span></a></span> <span class="h-card" translate="no"><a href="https://universeodon.com/@digyoursoul" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>digyoursoul</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@molly0xfff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>molly0xfff</span></a></span> granted, compared to <a href="https://infosec.space/tags/CustomerProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CustomerProtection</span></a> and <a href="https://infosec.space/tags/Regulations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Regulations</span></a> in the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a>, <a href="https://infosec.space/tags/finance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>finance</span></a> in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USA</span></a> is a shitshow.</p><ul><li><a href="https://infosec.space/tags/Carding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Carding</span></a> as a form of <a href="https://infosec.space/tags/fraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fraud</span></a> doesn't really exist here, and the few possibilities does with <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PSD2</span></a> mandating <a href="https://infosec.space/tags/3Dsecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>3Dsecure</span></a> in <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SEPA</span></a> member nations...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@lucasmz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lucasmz</span></a></span> I guess you never had to do payments within <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a> / <a href="https://infosec.space/tags/EFTA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EFTA</span></a> / <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SEPA</span></a> where <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PSD2</span></a> applies...</p><ul><li>Cuz <a href="https://infosec.space/tags/3Dsecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>3Dsecure</span></a> is <a href="https://infosec.space/tags/VISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VISA</span></a>'s implementation of it!</li></ul><p>Basically it boils down to mandating <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> via <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>App</span></a> or <a href="https://infosec.space/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> for any substantial online transaction...</p>
Quincy<p>I have exactly zero sympathy for leaving out a simple and universal interface ...</p><p>anywhere. Not at the <a href="https://chaos.social/tags/Bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bank</span></a> either. That is much worse. Fuck <a href="https://chaos.social/tags/PSD2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PSD2</span></a> 😡</p>
dreiwert<p><span class="h-card" translate="no"><a href="https://social.tchncs.de/@kuketzblog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kuketzblog</span></a></span> Are there any recommendable (ideally open-source) authenticator apps that are permissible as a <a href="https://digitalcourage.social/tags/psd2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>psd2</span></a> authentication factor?</p><p><a href="https://digitalcourage.social/tags/appzwang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appzwang</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GrapheneOS</span></a></span> +9001%</p><p>The sheer amount of <em>liabilities</em> if not legal through <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BDSG</span></a>, but indirectly through mandated <a href="https://infosec.space/tags/standards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>standards</span></a> like <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PCIDSS</span></a> &amp; <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PSD2</span></a> are the reason one should avoid storing them at all costs!</p>
pink<p><span class="h-card" translate="no"><a href="https://ma.fellr.net/@fell" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fell</span></a></span> <br>I am not overly familiar with <a href="https://norden.social/tags/PSD2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PSD2</span></a> but there is an open standard for verifying arbitrary data in a challenge-response procedure based on a shared secret (like TOTP) called OCRA: <a href="https://www.rfc-editor.org/rfc/rfc6287" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">rfc-editor.org/rfc/rfc6287</span><span class="invisible"></span></a><br><span class="h-card" translate="no"><a href="https://hessen.social/@Caroline" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Caroline</span></a></span> <span class="h-card" translate="no"><a href="https://101010.pl/@didek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>didek</span></a></span> <span class="h-card" translate="no"><a href="https://brotka.st/users/kaia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kaia</span></a></span></p>
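The challenge-response scheme named in the post above, as an added example that is not part of the original post: Python computing and verifying an RFC 6287 OCRA response for the one-way suite `OCRA-1:HOTP-SHA1-6:QN08` (numeric challenge only; no counter, PIN, session or timestamp inputs). The function names and the constructed sample key are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Only this suite is handled: HMAC-SHA1, 6-digit response, numeric challenge up to 8 digits.
SUITE = "OCRA-1:HOTP-SHA1-6:QN08"


def ocra_response(key: bytes, challenge: str) -> str:
    """Compute the OCRA response for a numeric challenge under SUITE."""
    if not (challenge.isascii() and challenge.isdigit() and len(challenge) <= 8):
        raise ValueError("QN08 expects up to 8 decimal digits")
    # RFC 6287: a numeric question is converted to hex, then right-padded
    # with zeros to 128 bytes (256 hex characters).
    q_hex = format(int(challenge, 10), "X").ljust(256, "0")
    # DataInput = suite string | 0x00 separator | question
    data_input = SUITE.encode("ascii") + b"\x00" + bytes.fromhex(q_hex)
    mac = hmac.new(key, data_input, hashlib.sha1).digest()
    # HOTP dynamic truncation (RFC 4226) down to 6 decimal digits.
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**6).zfill(6)


def new_challenge() -> str:
    """Verifier side: a fresh random 8-digit challenge for each authentication."""
    return f"{secrets.randbelow(10**8):08d}"


def verify(key: bytes, challenge: str, response: str) -> bool:
    """Verifier side: recompute with the shared secret, compare in constant time."""
    expected = ocra_response(key, challenge)
    return hmac.compare_digest(expected.encode(), response.encode("utf-8"))


if __name__ == "__main__":
    shared_key = b"12345678901234567890"  # constructed sample key, not a real secret
    challenge = new_challenge()
    response = ocra_response(shared_key, challenge)  # computed on the client device
    print(challenge, response, verify(shared_key, challenge, response))
    # A response is bound to its challenge: replaying it against a fresh
    # challenge fails unless the two 6-digit codes happen to collide.
    print(verify(shared_key, new_challenge(), response))
```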
Erik van Straten<p>After reading more in <a href="https://developer.mastercard.com/open-banking-europe/documentation/licensed/aiia-enterprise/production/tpp-certs/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developer.mastercard.com/open-</span><span class="invisible">banking-europe/documentation/licensed/aiia-enterprise/production/tpp-certs/</span></a> I noted:</p><p>&lt;&lt;&lt; We do not require a pass-phrase for the private key.<br>[...]<br>The requirement to set hostname on QWAC certificates is somewhat confusing, as this is a requirement for TLS server certificates, whereas QWAC certificates are TLS client certificates. &gt;&gt;&gt;</p><p>WHAT?</p><p>From <a href="https://crt.sh/?id=12752024628" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crt.sh/?id=12752024628</span><span class="invisible"></span></a>:</p><p>&lt;&lt;&lt; X509v3 Extended Key Usage:<br>TLS Web Client Authentication, TLS Web Server Authentication &gt;&gt;&gt;</p><p>If my understanding is correct, an attacker who obtains access to the private key, sends a phishing mail asking to open https:⁄⁄bunq-com.aiiaclient.com and is able to inject falsified DNS replies (or some other possible network-based attacks), can trick users by showing them a fake bunq website - notably using a QWAC?</p><p>I surely hope that I misunderstand all of this.</p><p>If not: which idiot decided to put a domain name (instead of, for example, an email address) in a QWAC intended for client authentication?</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@agl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>agl</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Tarah" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Tarah</span></a></span> 
<span class="h-card" translate="no"><a href="https://infosec.exchange/@ScottHelme" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ScottHelme</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dangoodin</span></a></span> </p><p><a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/ClientAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClientAuthentication</span></a> <a href="https://infosec.exchange/tags/ClientCertificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClientCertificate</span></a> <a href="https://infosec.exchange/tags/ClientCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClientCertificates</span></a> <a href="https://infosec.exchange/tags/ServerCertificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ServerCertificate</span></a> <a href="https://infosec.exchange/tags/ServerCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ServerCertificates</span></a> <a href="https://infosec.exchange/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> <a href="https://infosec.exchange/tags/PSD2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PSD2</span></a></p>
https://purl.org/rzr#<p><a href="https://talk.maemo.org/showthread.php?p=1572325#post1572325#" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">talk.maemo.org/showthread.php?</span><span class="invisible">p=1572325#post1572325#</span></a> <a href="https://mastodon.social/tags/PSD2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PSD2</span></a> : Yea I have been using a <a href="https://mastodon.social/tags/JP1" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JP1</span></a> with <a href="https://mastodon.social/tags/AndroidRuntime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AndroidRuntime</span></a> but will it be future proof ? to support "forced intrusive apps" from banks , state etc ? <span class="h-card" translate="no"><a href="https://hachyderm.io/@cyberlyra" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cyberlyra</span></a></span></p>
Alejandro Martínez<p>There was only a single bank that I knew of, Wise, that let a customer use their APIs to read your account transactions... but not anymore, because of regulation 🫠</p><p>In the EU, that's how PSD2 forces you to "buy" API access to your own personal bank account transaction data through a third-party🤦‍♂️</p><p><a href="https://hachyderm.io/tags/gdpr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gdpr</span></a> <a href="https://hachyderm.io/tags/psd2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>psd2</span></a> <a href="https://hachyderm.io/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a> <a href="https://hachyderm.io/tags/api" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>api</span></a> <a href="https://hachyderm.io/tags/banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>banks</span></a> <a href="https://hachyderm.io/tags/plaintextaccounting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>plaintextaccounting</span></a></p>
Caroline<p><span class="h-card" translate="no"><a href="https://mastodon.online/@ilyess" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ilyess</span></a></span> You might be wrong in 2 ways, at least if I relate this to how mobile banking is working in Europe:<br>1) Weak passwords are only a risk if brute forcing is possible. In Europe, after 3 or 5 false attempts to enter the password, access is blocked. Complex passwords do not help when someone is shoulder surfing.<br>2) There might have been a second factor: the phone as a possession factor (activated through some other trust factor), and/or biometrics (so maybe even 3 factors).</p><p><a href="https://hessen.social/tags/psd2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>psd2</span></a> <a href="https://hessen.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> <a href="https://hessen.social/tags/Banking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banking</span></a></p>