Frankly, i have done several security assessment to several banks, and most of the risks start all the way from CBK. Those transfers are done are on *.csv files which aren't encrypted and the system used are on FTP service. So, all they rely on, is trust between the banks and the people handling the *.csv files, Epic FAIL! On 8/11/11, Paul Kevin <paultitude@gmail.com> wrote:

Hmm, we have seen the software they use.....

On Thu, Aug 11, 2011 at 12:17 PM, m mugo <mugo2of3@gmail.com> wrote:

...

Is your money really safe with Banks?

The link below and comments to it gets me worried

http://www.nation.co.ke/News/Woman+s+agony+after+account+drained+dry/-/1056/...

Regards, Mugo

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/

Looking at the situation its as simple as a racket operated by bank tellers. What a coincidence, 5 tellers in 5 branches? That reminds me of a rumour going round about City Hoppa drivers and conductors working together with jackers especially on the riruta route. I think its time some action was taken against such banks....

Apart from the staff in cahoots stuff, I think there's an lack of adequate Information Security on our networks. I also sympathise with the lady who went to the media after 2 years of being taken round in circles by a bank that should in all fair means refund her money; they have ways to mitigate this probably as an operating cost, or a risk covered by insurers. (or classify it as a bad debt :-) ) So where does she go to after this... Our justice system is still a big mess to be sorted, thanks to the forces in place so far. Can you imagine waiting for several years for a case to recover 400K?? Add to that, a reliable source informed me that the the bank in this article was a victim of fraud towards the end of last year. Someone took control of their Pesa Pap system on a Saturday afternoon and withdrew KES 35M around agencies and ATMs before the fraud was discovered. I think tis just a matter of time before organisations in our country take security seriously. Mugo On Thu, Aug 11, 2011 at 1:19 PM, Patrick Karanja <wabethi@gmail.com> wrote:

Ndwex,

let me twist this argument further what will stop the bank from refunding you money from money that you genuinely withdrew and later claim it was not you.

regards

Patrick

_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke