Loud ramblings of a Software Artisan

Monday 21 March 2005

Charles de Gaulle Airport - Picture of the day, March 20th, 2005

(This post is late)

Waiting for my flight back to Montreal in Terminal 2F in November 2004, I took these with my 20D and the 24-85 lens.

The complete gallery.

Are bank stupid with IT security ?

I'm really scared, but bank are stupid with IT security.

Example 1: they build paper walls to tighten security, for the customer inconveniance. Let's explain. My French bank has an online banking system. Pretty much convenient as I can do everything from there: wiring money, buy stocks, etc. But recently, in order to improve security, to record a bank account number to wire money, you have to call a phone number. The gets annoying because that phone number does not work from outside france and it cost money off course, because this is the french mentality. I finally went thru to get a regular phone number I can call from Canada. I called them, and all the information they ask is public, or easy to obtain; the hardest part is just the login for the banking system, but as an attacker, it is likely you already have it. So the security improvement is just pure decoy. Thank you for hiring competent people.

Example 2: still with the same bank. Last time I went to my branch in France, the teller had a brand new client software to access account information and perform all the operations. It is based on the biggest security treat, the software with which most spyware, virii and trojan horses gets installed on Windows: Internet Explorer. Yes, you read. They replaced all the terminal emulation software with a highly dangerous treat to security. And they manage your money with that. At least their web server seems to be Apache.

Example 3: there are still lot of online banking service that require Internet Explorer. How do you want to protect yourself if your bank ask you to use that security hole ? At least all the banks I use the banking service works with Mozilla / FireFox.