Penetration Testing mailing list archives
[PEN-TEST] SV: [PEN-TEST] Home-Banking PEN-TESTING
From: mikhail.iakovlev () TELENOR COM
Date: Thu, 24 Aug 2000 12:24:03 +0200
Hi. I am strongly disagree with this. What if bank's software is bugfree and it was only operating system's flaw that compromised system? Why hold bank responsible for bugs of environment(OS)? If software is supplied by the bank and it is proven that it is not bugs of the software itself but access information that got stolen because of failure of OS - than why would it be the bank held responsible for it? In majority of cases banking programs require user input, without which software connectivity and access to the bank account would not be possible. If user supplied input got stolen on the way by third party, it is responsibility of the user to be able to protect his own data & user input. Comes in mind picture of having the person writing down his username/password on yellow sticker attached to monitor. Would it be also responsibility of the bank that someone else accessed this information, no matter how? Best wishes, Mikhail Iakovlev jr. Security officer for Cerber Security Norway, System engineer for Telenor Mobil AS Email: mikhail.iakovlev () telenor com, misha () privat sysedata no Phone: +47-99579541,+47-98213738, fax: +47-22870954 -----Opprinnelig melding----- Fra: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]På vegne av Lucio A. Molina Focazzio Sendt: 23. august 2000 14:47 Til: PEN-TEST () SECURITYFOCUS COM Emne: Re: [PEN-TEST] Home-Banking PEN-TESTING Rafael: If the software that use the client is supplied by the bank then the bank is responsible. The bank has the responsability to supply the necesaries tools for to protect the client security information. The responsability of the client is to protect his data and accounts and to take the backups but the security about passwords (encrypted) and audit trail is responsability of the bank Lucio Augusto Molina Focazzio Certified Information Systems Auditor - CISA ISACA Bogota Chapter President tels. (571) 6271751 Fax (571) 2743875 Cel: (573) 2400063 Santafé de Bogotá, Colombia
Current thread:
- [PEN-TEST] SV: [PEN-TEST] Home-Banking PEN-TESTING mikhail . iakovlev (Aug 23)
- Re: [PEN-TEST] SV: [PEN-TEST] Home-Banking PEN-TESTING paul m (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Shaun Dewberry (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Job de Haas (Aug 24)
- <Possible follow-ups>
- [PEN-TEST] SV: [PEN-TEST] Home-Banking PEN-TESTING mikhail . iakovlev (Aug 24)