Why Worry Today, If Your Bank Account Gets Hacked Tomorrow

Published on: August 12, 2007

My post from a week ago, about the major flaws in the new online banking security systems that banks around the country deployed recently, did not get any attention. The flaw was explained in detail and demonstrated (by actually hacking a bank account) at the Defcon 15 hacker conference in Las Vegas. One person dugg it at Digg.com and that was it. End of story, nobody seems to be interested. Well, it only affects pretty much everybody, at least everybody who uses online banking.

Meanwhile, other blogs that specialize in application and system security also wrote about the story. DarkReading.com was one of the best-known publications that published the story, “New Bank Practices Make Hacking Easier”, a couple of days after I published mine.

Their story died at Digg.com, just like mine, but at least some more bloggers picked up their story. Here are a few other bloggers who picked it up:


Here is a picture of Brendan O’Connor, who presented the issue at the conference, which makes it easy to understand why some people might not give him the attention he deserves.

It is funny how things work sometimes. On the one hand, people are going berserk and crazy about some “big privacy issues” that are bullshit. I just mention Google and the other search engines regarding their updates to their privacy policies.

I guess it has to hurt a bunch of people first, with some accounts hacked and lives and businesses ruined, before people wake up and ask “WTF is going on here?”. The cries will be loud and painful to listen to. People will ask “Did nobody know about this?” .. Of course somebody knew about this, but you were not listening, you dumba…!

“Schadenfreude” is not a good thing in this matter, but a bit of cynicism does not hurt either.

Quick Update: Here is the 47-page presentation by Brendan O’Connor from DefCon 15 in PDF format (only 230KB in size), titled “Greater Than One – Defeating ‘strong’ authentication in web applications”: dc-15-oconnor.pdf

The presentation document goes into much more detail than I did in my previous blog post. It also illustrates the issues nicely. Check it out.

Carsten aka Roy/SAC

1 Comment
  1. bank account says:

    Digg can put your info forward but you got to make it known elsewhere. I read at Symantec that bank accounts are traded at about 100$ each… impressive.
