Re: [PEN-TEST] Home-Banking PEN-TESTING

["Lucio A. Molina Focazzio" <lmolina () COL1 TELECOM COM CO>]

Rafael:

If the software that use the client is supplied by the bank then the bank is
responsible. The bank has the responsability to supply the necesaries tools
for to protect the client security information. The responsability of the
client is to protect his data and accounts and to take the backups but the
security about passwords (encrypted) and audit trail is responsability of
the bank


Lucio Augusto Molina Focazzio
Certified Information Systems Auditor - CISA
ISACA Bogota Chapter President
tels. (571) 6271751
Fax  (571) 2743875
Cel: (573) 2400063
Santafé de Bogotá, Colombia


-----Mensaje original-----
De: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]En nombre de
Rafael Coninck Teigao
Enviado el: Lunes, 21 de Agosto de 2000 05:32 p.m.
Para: PEN-TEST () SECURITYFOCUS COM
Asunto: [PEN-TEST] Home-Banking PEN-TESTING


Hi, ppl.
    I'm pen-testing a home-banking system. My client has a doubt and we
basically disagree in some level: is the client's machine of the
responsibility of the bank? I mean, if I can break the client's machine
and steal useful information from it (passwords, account's data, etc.),
is the bank responsible, having in mind that it's programmers can fix
the problem (they just don't do it 'couz it is costly)?
    Let me hear what you think.

    []'s,
    RCT.

--
----------------------------------------------------------------------------
---
And the Raven, never flitting, still is sitting, still is sitting
On the pallid bust of Pallas just above my chamber door;
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp - light o'er him streaming throws his shadow on the floor;
And my soul from out that shadow that lies floating on the floor
Shall be lifted - nevermore!
        E. A. Poe --> The Raven (c1845)
----------------------------------------------------------------------------
---