Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] [Rival] Windows based US Commerce Bank hacked - data stolen

  • Subject: [News] [Rival] Windows based US Commerce Bank hacked - data stolen
  • From: "[H]omer" <spam@xxxxxxx>
  • Date: Thu, 11 Oct 2007 21:12:15 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Openpgp: id=BF436EC9; url=http://slated.org/files/GPG-KEY-SLATED.asc
  • Organization: Slated.org
  • User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.6) Gecko/20070811 Remi/2.0.0.6-1.fc6.remi Thunderbird/2.0.0.6 Mnenhy/0.7.5.666
  • Xref: ellandroad.demon.co.uk comp.os.linux.advocacy:566508
Windows 2003 Server bank system pwned:

.----
| Hackers infiltrated the systems of Commerce Bank and accessed the
| records of 20 customers, the US regional bank said today.
|
| The attack by persons unknown was partially thwarted - but not
| before a database of 3,000 records was hacked into and the data of
| 20 exposed. Compromised data included personal information such as
| names, addresses, Social Security numbers, phone numbers and, in a
| few cases, Commerce Bank account numbers, the Columbia Business
| Journal reports.
|
| Security staff shut down the attack and called in police to
| investigate after uncovering the breach a week ago. The FBI is
| investigating.
|
| The method used in the attack is unclear, and something the bank
| will be keen that it stays unclear
`----

http://www.theregister.co.uk/2007/10/11/commerce_bank_hack/


######
12.167.75.17   Windows Server 2003   Microsoft-IIS/6.0

http://toolbar.netcraft.com/site_report?url=commercebank.com
######


When will people ever learn that entrusting sensitive data and
transactions to Windows machines is stupid and dangerous?

Their damage limitation methods are also questionable. Security through
obscurity? Obviously the /hackers/ already know what this vulnerability
is, so what exactly is the point in covering it up? Better to reveal the
truth (Open Source style) and deal with it - get those "many eyes"
working on the solution. Meanwhile their system is compromised. They
couldn't defend against the last attack (20 records slipped through), so
what makes them so confident they can evade the next one? How do they
know they haven't been rooted? The only trustworthy solution now is to
shut down the system, until it can be upgraded to something ... better.

-- 
K.
http://slated.org

.----
| "[Microsoft] are willing to lose money for years and years just to
|  make sure that you don't make any money, either." - Bob Cringely.
|  - http://blog.businessofsoftware.org/2007/07/cringely-the-un.html
`----

Fedora release 7 (Moonshine) on sky, running kernel 2.6.22.1-41.fc7
 21:10:25 up 63 days, 20:05,  5 users,  load average: 0.39, 0.20, 0.27

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index