On 2 Jul 2001, a reporter for a local newspaper wanted to check his on-line
account with the Berliner Sparkasse. Imagine his surprise to find lots of
interesting data about an account and loans - except that they were not his.
About 50 persons could not access their own accounts; they were presented
with data from other people. The bank assures us that no funds could be
transferred, it was "just" possible to see how much money was in the
accounts and to see the last transactions.
They immediately removed the on-line banking from the net. The official
problem source, according to a spokesperson from the bank, was "strain"
(Ueberlastung) on the systems. The company DefCom Security worked feverishly
to get it back on line by Tuesday, but forgot that they had fooled with the
certificates. Users were presented with a screen warning them that the
certificate was issued by a company that was classified as not
trustworthy.... Maybe it's time to change banks?
If you read German, you can find more information at
http://www2.tagesspiegel.de/archiv/2001/07/03/ak-in-6611353.html
http://www2.tagesspiegel.de/archiv/2001/07/03/ak-be-447917.html
Prof. Dr. Debora Weber-Wulff
FHTW Berlin, FB 4, Internationale Medieninformatik
Treskowallee 8, 10313 Berlin
Tel: +49-30-5019-2320 Fax: +49-30-5019-2300
weberwu@fhtw-berlin.de http://www.f4.fhtw-berlin.de/people/weberwu/
[Debora Weber-Wulff via risks-digest Volume 21, Issue 50]