IP: Berlin Bank shows sensitive information: [risks] Risks Digest 21.50

[David Farber <dave () farber net>]

> Date: Mon, 09 Jul 2001 12:38:37 +0200
> From: Debora Weber-Wulff <weberwu () fhtw-berlin de>
> Subject: Berlin Bank shows sensitive information
>
> On 2 Jul 2001, a reporter for a local newspaper wanted to check his on-line
> account with the Berliner Sparkasse. Imagine his surprise to find lots of
> interesting data about an account and loans - except that they were not his.
> About 50 persons could not access their own accounts, they were presented
> with data from other people. The bank assures us, that no funds could be
> transferred, it was "just" possible to see how much money was in the
> accounts and to see the last transactions.
>
> They immediately removed the on-line banking from the net. The official
> problem source, according to a spokesperson from the bank, was "strain"
> (Ueberlastung) on the systems. The company DefCom Security worked feverishly
> to get it back on line by Tuesday, but forgot that they had fooled with the
> certificates.  Users were presented with a screen warning them that the
> certificate was issued by a company that was classified as not
> trustworthy.... Maybe it's time to change banks?
>
> If you read German, you can find more information at
>
> http://www2.tagesspiegel.de/archiv/2001/07/03/ak-in-6611353.html
> http://www2.tagesspiegel.de/archiv/2001/07/03/ak-be-447917.html
>
> Prof. Dr. Debora Weber-Wulff
> FHTW Berlin, FB 4, Internationale Medieninformatik
> Treskowallee 8, 10313 Berlin
> Tel: +49-30-5019-2320      Fax: +49-30-5019-2300
> weberwu () fhtw-berlin de     http://www.f4.fhtw-berlin.de/people/weberwu/



For archives see: http://www.interesting-people.org/