Penetration Testing mailing list archives
Re: [PEN-TEST] Home-Banking PEN-TESTING
From: "Lucio A. Molina Focazzio" <lmolina () COL1 TELECOM COM CO>
Date: Wed, 23 Aug 2000 07:47:06 -0500
Rafael: If the software that use the client is supplied by the bank then the bank is responsible. The bank has the responsability to supply the necesaries tools for to protect the client security information. The responsability of the client is to protect his data and accounts and to take the backups but the security about passwords (encrypted) and audit trail is responsability of the bank Lucio Augusto Molina Focazzio Certified Information Systems Auditor - CISA ISACA Bogota Chapter President tels. (571) 6271751 Fax (571) 2743875 Cel: (573) 2400063 Santafé de Bogotá, Colombia -----Mensaje original----- De: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]En nombre de Rafael Coninck Teigao Enviado el: Lunes, 21 de Agosto de 2000 05:32 p.m. Para: PEN-TEST () SECURITYFOCUS COM Asunto: [PEN-TEST] Home-Banking PEN-TESTING Hi, ppl. I'm pen-testing a home-banking system. My client has a doubt and we basically disagree in some level: is the client's machine of the responsibility of the bank? I mean, if I can break the client's machine and steal useful information from it (passwords, account's data, etc.), is the bank responsible, having in mind that it's programmers can fix the problem (they just don't do it 'couz it is costly)? Let me hear what you think. []'s, RCT. -- ---------------------------------------------------------------------------- --- And the Raven, never flitting, still is sitting, still is sitting On the pallid bust of Pallas just above my chamber door; And his eyes have all the seeming of a demon's that is dreaming, And the lamp - light o'er him streaming throws his shadow on the floor; And my soul from out that shadow that lies floating on the floor Shall be lifted - nevermore! E. A. Poe --> The Raven (c1845) ---------------------------------------------------------------------------- ---
Current thread:
- Re: [PEN-TEST] Home-Banking PEN-TESTING, (continued)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Flynn, Gary (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Peter Van Epp (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Pluto (Aug 26)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Domenico De Vitto (Aug 28)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Flynn, Gary (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Rafael Coninck Teigao (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Erik Tayler (Aug 22)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Rafael Coninck Teigao (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING H D Moore (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Iván Arce (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING H Carvey (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Lucio A. Molina Focazzio (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Loschiavo, Dave (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Gontarczyk, Andrew (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Cintron, Jose (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Klahn, Paul (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Tonick, Mike (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Chris Calabrese (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Christopher Laycock (Aug 29)
- [PEN-TEST] SQL Server blank account Seth Georgion (Aug 29)
- Re: [PEN-TEST] SQL Server blank account Marc Maiffret (Aug 29)
- Re: [PEN-TEST] SQL Server blank account M. Burnett (Aug 29)
- [PEN-TEST] SQL Server blank account Seth Georgion (Aug 29)