Penetration Testing mailing list archives

[PEN-TEST] SV: [PEN-TEST] Home-Banking PEN-TESTING


From: mikhail.iakovlev () TELENOR COM
Date: Thu, 24 Aug 2000 12:24:03 +0200

Hi.
I strongly disagree with this. What if the bank's software is bug-free and it
was only an operating system flaw that compromised the system? Why hold the bank
responsible for bugs in the environment (OS)? If the software is supplied by the
bank and it is proven that it was not bugs in the software itself but access
information that got stolen because of a failure of the OS - then why would
the bank be held responsible for it? In the majority of cases banking programs
require user input, without which software connectivity and access to the
bank account would not be possible. If user-supplied input got stolen on the
way by a third party, it is the responsibility of the user to be able to protect
his own data & user input. The picture comes to mind of a person
writing down his username/password on a yellow sticker attached to the monitor.
Would it also be the responsibility of the bank that someone else accessed this
information, no matter how?


Best wishes,
Mikhail Iakovlev jr.
Security officer for Cerber Security Norway, System engineer for Telenor
Mobil AS
Email: mikhail.iakovlev () telenor com, misha () privat sysedata no
Phone: +47-99579541,+47-98213738, fax: +47-22870954

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On behalf of
Lucio A. Molina Focazzio
Sent: 23 August 2000 14:47
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Home-Banking PEN-TESTING


Rafael:

If the software that the client uses is supplied by the bank then the bank is
responsible. The bank has the responsibility to supply the necessary tools
to protect the client's security information. The responsibility of the
client is to protect his data and accounts and to take the backups, but the
security of passwords (encrypted) and the audit trail is the responsibility of
the bank.


Lucio Augusto Molina Focazzio
Certified Information Systems Auditor - CISA
ISACA Bogota Chapter President
tels. (571) 6271751
Fax  (571) 2743875
Cel: (573) 2400063
Santafé de Bogotá, Colombia

