Penetration Testing mailing list archives
Re: [PEN-TEST] Home-Banking PEN-TESTING
From: Domenico De Vitto <dom () DEVITTO DEMON CO UK>
Date: Sun, 27 Aug 2000 22:47:16 +0100
This is country dependant, in the UK, even tho' we use the same technology as the US, bank prosecute customers who say they didn't make the transaction. In reality, they are trying to hide the fact that the technology (mag-stripe) is dated and going to be expensive to replace country-wide. The worst case I've heard was of a _*Police Officer*_ getting convicted, despite much evidence in his favor. Unfortuately he called in an expert too late in the trial to help him, the expert did find out that the bank (Halifax Building Soc) did it's own software testing (by the design team!) and didn't erase the ATM encryption keys when it was opened for servicing. - That shouldn't be a problem usually, but the Halifax uses a 3rd party company (read: any old joe) to service the machines!!! Doh! It's a sad world, and unfortunately the big corporates can only be educated by getting them lots of bad press... Dom -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Pluto Sent: 25 August 2000 17:18 To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Home-Banking PEN-TESTING On Tue, 22 Aug 2000, Flynn, Gary wrote:
and I expect the same thing applies i.e. the card holder agreement says if it
was
with your password/passphrase it is considered youCan anyone verify this? Up until this time, credit card companies
In case of ATM cards in germany, yes. We had _big_ legal cases where customers had to prove they hadn't handed their pin out. Mostly they lost and the bank went away with the customer paying the bill in full. Gruss Christoph Puppe -- /* Defcom Security GmbH || Net: www.defcom-sec.de */ /* Arndtstr. 34 || Tel: +49-30-61650-0 */ /* D-10965 Berlin || Fax: +49-30-61650-555 */
Current thread:
- [PEN-TEST] Home-Banking PEN-TESTING Rafael Coninck Teigao (Aug 22)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Peter Van Epp (Aug 22)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Flynn, Gary (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Peter Van Epp (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Pluto (Aug 26)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Domenico De Vitto (Aug 28)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Flynn, Gary (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Rafael Coninck Teigao (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Peter Van Epp (Aug 22)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Erik Tayler (Aug 22)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Rafael Coninck Teigao (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING H D Moore (Aug 24)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Iván Arce (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING H Carvey (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Lucio A. Molina Focazzio (Aug 23)
- <Possible follow-ups>
- Re: [PEN-TEST] Home-Banking PEN-TESTING Loschiavo, Dave (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Gontarczyk, Andrew (Aug 23)
- Re: [PEN-TEST] Home-Banking PEN-TESTING Cintron, Jose (Aug 24)