Message-ID: <CAD6s_XtDuf4WPg6e9pykRrrtVTabkGUvwE=PGpUb-HereJb5WQ@mail.gmail.com>
Date: Tue, 16 Oct 2012 11:26:24 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: Alexander Georgiev <alexander.georgiev@...oo.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Is it OK to hold credit card numbers in cookies? Santander?

Alex, you just dug your grave there, mate.
;-)
On Mon, Oct 15, 2012 at 9:53 PM, Alexander Georgiev <alexander.georgiev@...oo.de> wrote:
> Well, if we talk about Banks...
>
> Hypo Vereinsbank (http://en.wikipedia.org/wiki/HypoVereinsbank) has
> kind of a strange security style: The online banking website will
> disable your login once you enter it 3 times wrong. Your login is your
> BANK ACCOUNT NUMBER. To re-enable it you have to go into one of their
> offices IN PERSON and identify yourself by ID card and then they will
> send your new password BY LETTER (not email).
>
> Now, PLEASE, when you go to their online banking site and run your
> one_script_to_block_them_all.py or whatever, PLEASE, skip my bank
> account, ok?
>
> Banking regards,
>
> Alex
>
>
>
> On Mon, 15 Oct 2012 21:10:47 +0200, Rainer Duffner
> <rainer@...ra-secure.de> wrote:
> > On 14.10.2012 at 17:15, auto62098873@...hmail.com wrote:
> >
> >> Santander are a joke when it comes to security. Fed up of two years of
> >> battling with them to fix issues any other bank would have fixed in
> >> seconds, things like XSS on login pages etc. Time to hit full disclosure
> >> with some of these issues in the hope they'll change their game and start
> >> to take their customers' security seriously:
> >
> >
> > I had to chuckle.
> > The Spanish banks gave 100% mortgages to people who could just barely
> > finance the interest at ultra-low rates.
> > Now, they're taking back those houses and flats, evicting the owners
> > (who can no longer pay) and putting them into rented apartments (for
> > slightly less than the interest rates).
> > The banks were bailed-out by the government, which has now got to be
> > bailed-out by the EU.
> >
> > Do you honestly think that "customers" actually exist on the radar of
> > those banks?
> > Hell - who needs customers, when you can have a bail-out?
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>