Re: [Skunkworks] [Security Forum] Security Breach on Cfc Stanbic Account
Sorry but you lost me at "trying to fake security breaches in Kenyan Companies" . I also fail to see the correlation between you asserting to be a "Certified Ethical Hacker" from your somewhat well meaning but misguided conclusion leading to "tainted images" and "forensics". If you have been in this forum long enough you would recall discussions around "IS/Info Sec outfits and auditors have come out as simply "Template filling" professional so dont take it personally when security is questioned. Ironically which as a "Certified Ethical Hacker" is your duty to prove otherwise. -tyrus On Tue, Oct 25, 2011 at 5:38 PM, TOM MUSAU <kilonzotom2000@yahoo.com> wrote:
Am a certified ethical hacker, from my analysis, you guys are malicious and want to be popular by trying to fake security breaches in Kenyan Companies, dont dent peoples security image, do proper forensic analysis and give facts
--- On *Tue, 10/25/11, ty <tyruskam@gmail.com>* wrote:
From: ty <tyruskam@gmail.com> Subject: Re: [Security Forum] [Skunkworks] Security Breach on Cfc Stanbic Account To: "Skunkworks Mailing List" <skunkworks@lists.my.co.ke>, "[Security Forum]All information security discussions in kenya are done here (Hacking, Decryptions, Security management, physical security, Disastor Recovery, Security Assessments etc etc)" <security@lists.my.co.ke> Date: Tuesday, October 25, 2011, 3:54 AM
An interesting thing to note, from my experience, only a handful of local banks and multinationals are PCI/DSS Compliant let alone self assured.
-tyrus
On Tue, Oct 25, 2011 at 4:41 PM, Kevin Omondi <kevin.ouma@gmail.com<http://us.mc1620.mail.yahoo.com/mc/compose?to=kevin.ouma@gmail.com>
wrote:
Could this be an inside Job ?
Regards Kevin
On Tue, Oct 25, 2011 at 4:13 PM, Okumu O. C. Edmund < edmund.okumu@gmail.com<http://us.mc1620.mail.yahoo.com/mc/compose?to=edmund.okumu@gmail.com>
wrote:
Interesting story line there. I do not work for CFC Stanbic except that i am also a dissatisfied customer who fled.
That not withstanding, as an Information Systems Risk specialist I noticed one thing when CFC merged with Stanbic and around that time I started having trouble with my accounts. It so happened that human was interfacing between two systems i.e. The then CFC system and the Stanbic System. I know that alot of work has been done to ensure that this no longer happens (No human interfacing between the two systems), but it still explains what might have transpired during the transition period.
I can imagine fictitious accounts, illegal transfers..... happening like in your case e.t.c.
On Mon, Oct 24, 2011 at 4:19 PM, Kevin Omondi <kevin.ouma@gmail.com<http://us.mc1620.mail.yahoo.com/mc/compose?to=kevin.ouma@gmail.com>
wrote:
Hi Skunks,
On Friday the 21st of October I noticed something strange with my Cfc Stanbic Account. While trying to withdraw money at the International House ATM, I realized from the system that avaibale balance was 300 kshs and Actual balance was the money which I was supposed to be having in my account ( lets for the sake of this discussion say its X shillings)
I reported this issue to the Bank branch and they mentioned that there was a possible problem
On Saturday while trying to withdraw money from the Buru Buru ATM, I got a message insuficient funds. On gettting a mini statement it shows VISA ATM withdrwals of equal amounts i.e x/3 done thrice to 3 decimal points which if added up summed up to x.
This looked like a well calculated hacking job. What I wondered is
cfc cards are not allowed for internet transactions ( at least mine) and furthermore they have no numbers on them. I have had my Card on me since opening my account .
After follow up, they told me that these transactions happened in Mozambique.
My question is what possible scenarios led to the hacking of my account and loss of cash as I have never used it on the net or swiped it anywhere ?
Im puzzled and told it has happened with a number of accounts at Cfc. If you are with the bank, be very careful.
Regards
Kevin
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke<http://us.mc1620.mail.yahoo.com/mc/compose?to=Skunkworks@lists.my.co.ke> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Edmund C. O. Okumu P.O Box 8490-00200, Nairobi, Kenya. TEL: 254-721-734935
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke<http://us.mc1620.mail.yahoo.com/mc/compose?to=Skunkworks@lists.my.co.ke> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke<http://us.mc1620.mail.yahoo.com/mc/compose?to=Skunkworks@lists.my.co.ke> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-----Inline Attachment Follows-----
_______________________________________________ Security mailing list Security@lists.my.co.ke<http://us.mc1620.mail.yahoo.com/mc/compose?to=Security@lists.my.co.ke> http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
_______________________________________________ Security mailing list Security@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
participants (1)
-
ty