
Re: [Full-disclosure] Is it OK to hold credit card numbers in cookies? Santander?



Alex, you just dug your grave there, mate.

;-)






On Mon, Oct 15, 2012 at 9:53 PM, Alexander Georgiev <alexander.georgiev@xxxxxxxx> wrote:

> Well, if we talk about Banks...
>
> Hypo Vereinsbank (http://en.wikipedia.org/wiki/HypoVereinsbank) has
> kind of a strange security style: The online banking website will
> disable your login once you enter it 3 times wrong. Your login is your
> BANK ACCOUNT NUMBER. To re-enable it you have to go into one of their
> offices IN PERSON and identify yourself by ID card and then they will
> send your new password BY LETTER (not email).
>
> Now, PLEASE, when you go to their online banking site and run your
> one_script_to_block_them_all.py or whatever, PLEASE, skip my bank
> account, ok?
>
> Banking regards,
>
> Alex
>
>
>
> On Mon, 15 Oct 2012 21:10:47 +0200, Rainer Duffner
> <rainer@xxxxxxxxxxxxxxx> wrote:
> > On 14.10.2012 at 17:15, auto62098873@xxxxxxxxxxxx wrote:
> >
> >> Santander are a joke when it comes to security. Fed up of two years of
> >> battling with them to fix issues any other bank would have fixed in
> >> seconds, things like XSS on login pages etc. Time to hit full disclosure
> >> with some of these issues in the hope they'll change their game and start
> >> to take their customers' security seriously:
> >
> >
> > I had to chuckle.
> > The Spanish banks gave 100% mortgages to people who could just barely
> > finance the interest at ultra-low rates.
> > Now, they're taking back those houses and flats, evicting the owners
> > (who can no longer pay) and putting them into rented apartments (for
> > slightly less than the interest rates).
> > The banks were bailed-out by the government, which has now got to be
> > bailed-out by the EU.
> >
> > Do you honestly think that "customers" actually exist on the radar of
> > those banks?
> > Hell - who needs customers, when you can have a bail-out?
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>