Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Home-Banking PEN-TESTING

From: "Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>
Date: Tue, 22 Aug 2000 18:07:20 -0700
 [snip] it's programmers can fix the problem (they just don't do it 'couz it
is costly) [snip]

If you are implying that the problem is in the client portion of a
client/server application, and the bank maintains that product, I would say
it is clearly their job to secure it.


-----Original Message-----
From: Rafael Coninck Teigao
To: PEN-TEST () SECURITYFOCUS COM
Sent: 8/21/00 3:31 PM
Subject: [PEN-TEST] Home-Banking PEN-TESTING

Hi, ppl.
    I'm pen-testing a home-banking system. My client has a doubt and we
basically disagree in some level: is the client's machine of the
responsibility of the bank? I mean, if I can break the client's machine
and steal useful information from it (passwords, account's data, etc.),
is the bank responsible, having in mind that it's programmers can fix
the problem (they just don't do it 'couz it is costly)?
    Let me hear what you think.

    []'s,
    RCT.

--
------------------------------------------------------------------------
-------
And the Raven, never flitting, still is sitting, still is sitting
On the pallid bust of Pallas just above my chamber door;
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp - light o'er him streaming throws his shadow on the floor;
And my soul from out that shadow that lies floating on the floor
Shall be lifted - nevermore!
        E. A. Poe --> The Raven (c1845)
------------------------------------------------------------------------
-------
Previous By Date Next
Previous By Thread Next

Current thread: