Bitcoin Forum
  Show Posts
1  Other / Off-topic / Re: Good luck reporting any security vulnerabilities to your UK Bank. My Experience on: April 09, 2014, 02:29:57 PM
Don't waste your time reporting to them, the only thing you should be ready for, is that if you lose money be ready to sue the heck out of them since it's their fault for not being as secure as they claim to be


If you lose money due to fraud or security problems on their end they'll give you it back. Can't say the same for bitcoins though.

That's true but it also takes time plus there really isn't an excuse for not having security emails. Another thing you have to consider is that Banks also store your details and most have scans of your passport so security vulnerabilities could lead to identity fraud which is a serious problem.
2  Other / Off-topic / Re: Good luck reporting any security vulnerabilities to your UK Bank. My Experience on: April 08, 2014, 10:20:44 PM
Banks are like MtGox :)

Probably the best analogy for my experience I've heard so far.
3  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] BlackCoin (BC) | on exchanges | PoS | No premine on: April 08, 2014, 10:00:48 PM
I love this coin, it has a lot of potential and I think the price rise has only just begun. The correction was expected and happens every time, the rocket goes off.
4  Other / Off-topic / Good luck reporting any security vulnerabilities to your UK Bank. My Experience on: April 08, 2014, 09:44:12 PM
This morning, as you might be aware, the OpenSSL bug called Heartbeat was announced. Here is my and others' experience with HSBC, Barclays and Nationwide.

HSBC

I called HSBC, this is my personal bank. They seemed to pretend like they knew what I was talking about. I asked to be transferred to some security report line or be given an email. HSBC informed me that everything is fine and as far as they were aware, I had nothing to worry about. I knew that they probably weren't lying considering how long I was on the line. Plus their site and mobile apps don't seem to be running on OpenSSL so I trusted them (Yes, I trusted a Bank.)

Barclays

My parents are on Barclays and use their internet service but I was also more personally invested in this. Like many of you, I use the application called pingit. According to this page, http://www.barclays.co.uk/Mobile/BarclaysPingitSoftwaretermsandconditions/P1242607867693 the app uses OpenSSL. Due to this being a mobile application it's hard to find out if Heartbleed is being used.

I decided to call them so I can report the possible vulnerability. My experience can be summed up in three points.
  1) They have no security report line or email
  2) Customer service didn't seem to care
  3) Even calling head office and reporting the issue they were unable to transfer me to a security team or didn't seem to be worried

After 40 mins and 5 GBP spent on calls, I was told the internet fraud email. This is an internet fraud prevention email, not a security report bug email. Either way, I wrote to them:

Quote
This morning a serious security flaw was announced in the OpenSSL certification. This certification is currently being used by your mobile banking app pingit as outlined on your site here: http://www.barclays.co.uk/Mobile/BarclaysPingitSoftwaretermsandconditions/P1242607867693. The security vulnerability in question is called HeartBleed (http://www.bbc.co.uk/news/technology-26935905). While doing some testing on my personal servers and trying to confirm the bug, as an outside attacker on my personal servers I was able to get access to: user ids, passwords, documents and any communication between users. In banking this could lead to a lot more problems so please investigate if any of your software, especially PingIt, is affected as soon as possible.

This turned up no results and I still haven't received an email back. I assumed that this was useless and tried to reach them on Twitter. That also turned up no reply.

Nationwide

This is not my personal experience and I only know small details of the experience. I was in talks with someone on Twitter about this problem, their bank is Nationwide. They were unable to get any results.


Conclusion

I find it amusing how every single Bitcoin exchange has dedicated security emails and even phone lines but massive Banks such as HSBC and Barclays don't. It might be amusing for now but in the long term this is a serious problem that has to be addressed.