Author Topic: Don't bank online  (Read 3891 times)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16268
  • Debbie says...
    • View Profile
Don't bank online
« on: August 15, 2017, 07:23:17 PM »
https://threatpost.com/attackers-backdoor-another-software-update-mechanism/127452/

BTW, the title is a direct quote from a guy I knew that wrote bank software for international bank-to-bank transactions.  That was 15 years ago but, imo, the hackers have progressed more than software security during that time.

NetSarang does software for banks & financial institutions.

Brad

  • Inner Core
  • Hero Member
  • *
  • Posts: 4137
  • What, me worry?
    • View Profile
Re: Don't bank online
« Reply #1 on: August 15, 2017, 11:16:40 PM »
Nothing electronic has access to my bank accounts, no: ATM, no debit card, no automatic payments, not even an account linked to PayPal anymore.

I did set up that newfangled Apple Pay, but I've never used it.  I keep forgetting how.

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16268
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #2 on: August 17, 2017, 12:45:46 PM »
This one was just found in the Chrome extensions

Quote
The malware, in this case, was a data gathering one, designed to allow further exploitation of the victims. After securing form login information from the user, the malware transfers that data to a server controlled by the attackers, who can then use it to profile their victim. They then use that information to go after those who have financial control over the company they work for.

In targeted attacks, they call them up and use a combination of social engineering and phishing to have them give the attacker further access to financial information, which can result in banking theft.

....avoided detection by the 58 most common anti-viral applications

https://www.digitaltrends.com/web/chrome-extension-malware-reposted/

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16268
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #3 on: August 17, 2017, 03:02:53 PM »
And another article. Must be the season for them, I haven't tuned my reader to pick them up.

Quote
Banking trojans were eventually spotted showing fake overlays on top of Android Pay and other mobile payment apps, but also apps used for booking flights and hotel rooms.

Now, researchers at Kaspersky Lab have found an Android trojan that collects payment card data from taxi & ride-hailing apps.

This move makes perfect sense, as most ride-hailing apps won't even let users sign up if they don't enter payment card details. This means that users are conditioned to handing over payment card data.

https://www.bleepingcomputer.com/news/security/banking-trojans-set-their-sights-on-taxi-and-ride-hailing-apps/

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16268
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #4 on: September 01, 2017, 07:02:44 PM »
[Related]

My tech-inclined kids wonder why I still send paper checks.

http://www.rawstory.com/2017/09/records-of-four-million-time-warner-cable-customers-left-unsecured-gizmodo/

TWC is my ISP.

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16268
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #5 on: September 08, 2017, 11:37:35 PM »
UK: Bank branch closures
703 set to shut this year. 461 branches closed in 2015, while 583 shut last year. The latest cull brings the total to 1,747 in three years.

The news comes after a British Bankers’ Association (BBA) report in July found almost 20 million people now bank on their mobile phone.

http://www.which.co.uk/news/2017/09/mapped-the-703-banks-closing-this-year/

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16268
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #6 on: April 11, 2019, 07:01:40 PM »

- 97% of the apps tested lacked the proper code protection, opening themselves up to reverse engineering or decompiling. …
- 90% of the financial institution (FI) apps shared services with other programs on the device. …
- 83% insecurely stored data. …
- 80% of the FI apps used weak encryption algorithms or incorrectly implemented strong ciphers. …
- 70% of the apps used insecure random number generators to limit access to sensitive information. …

How financial institutions are risking customer data through insecure mobile apps - TechRepublic
https://www.techrepublic.com/article/how-financial-institutions-are-risking-customer-data-through-insecure-mobile-apps/

Drastic

  • Need a bigger hammer...
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3084
  • Resident Redneck
    • View Profile
Re: Don't bank online
« Reply #7 on: April 11, 2019, 11:03:30 PM »
I use CC for anything I can. It's easy to track everything. Those that won't take it get a paper check, and that includes those who charge extra for CC payments.

I trust none of these guys and never have.

Rumbas

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2103
  • Viking Wrath
    • MSN Messenger - rasmussoerensen@hotmail.com
    • AOL Instant Messenger - seorasmus
    • View Profile
Re: Don't bank online
« Reply #8 on: April 12, 2019, 07:56:48 AM »
> Don't bank online

Whaaat?! Sure you should and all and everything else you do financially. I gotta pay them bills and keep the family fed. LOL.

> - 97% of the apps tested lacked the proper code protection, opening themselves up to reverse engineering or decompiling. …

If you only knew how many people and devs we have working across teams to address this.. and we're only the 20th largest financial corp here.

>I trust none of these guys and never have.

Hehehe, we need a 1-1 conversation next month bud. How can you not trust a face like mine? ;)

Drastic

  • Need a bigger hammer...
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3084
  • Resident Redneck
    • View Profile
Re: Don't bank online
« Reply #9 on: April 12, 2019, 12:11:28 PM »
Oh I trust you buddy, but I have my own devs too so I know what the f### is up. hhh

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16268
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #10 on: April 12, 2019, 09:12:03 PM »
It's the damn Ukrainians I don't trust. Sumbitches are smarter than banks.