Re: [PEN-TEST] Home-Banking PEN-TESTING

["Cintron, Jose" <jcintron () IMSIDC COM>]

IMHO, If the client's computer was braked into because of a hole opened by
the SW that the bank provided the bank should be responsible.  That said if
the bank made a statement to the effect that they would not be responsible
for any damage that may result form the usage of the SW and the user
accepted they are not...  just my $.02


+------------------------------------------------------------
| Jose J. Cintron - <jcintron () imsidc com>
|
| Integrated Management Services, Inc.
| 2101 Wilson Boulevard, Suite 916
| Arlington, VA  22201
|
| Phone: 703.528.0334 x323
| FAX: 703.528.3477
| Web: http://www.imsidc.com/
+------------------------------------------------------------


-----Original Message-----
From: Rafael Coninck Teigao [mailto:rafael () SAFECORE NET]
Sent: Monday, August 21, 2000 18:32
To: PEN-TEST () SECURITYFOCUS COM
Subject: Home-Banking PEN-TESTING


Hi, ppl.
    I'm pen-testing a home-banking system. My client has a doubt and we
basically disagree in some level: is the client's machine of the
responsibility of the bank? I mean, if I can break the client's machine
and steal useful information from it (passwords, account's data, etc.),
is the bank responsible, having in mind that it's programmers can fix
the problem (they just don't do it 'couz it is costly)?
    Let me hear what you think.

    []'s,
    RCT.

--
----------------------------------------------------------------------------
---
And the Raven, never flitting, still is sitting, still is sitting
On the pallid bust of Pallas just above my chamber door;
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp - light o'er him streaming throws his shadow on the floor;
And my soul from out that shadow that lies floating on the floor
Shall be lifted - nevermore!
        E. A. Poe --> The Raven (c1845)
----------------------------------------------------------------------------
---