David Heath
Thursday, 15 December 2011 21:46
Business IT - Security
ANZ Bank has disabled the use of all online bank statements until a critical flaw is fixed.
The flaw was discovered a week ago by SC Magazine , who gave the Bank a week to address the issue before going public (which they did at 6:30Thursday morning).
Of interest is the very generous statement that "The outsourcer was understood to be considering fixing the bug." A Salmat [the identified outsourcer] spokesperson told iTWire that the company strongly denied any involvement in the development of this system, insisting that the ANZ Bank was the developer.
The issue with the online statements relates to browser histories " the problem being that the statement remains in the browser history after the page is closed. If this is a PC in your own home, it's probably not a problem; but if it's an Internet caf computer, there can be a problem, as the information is easily accessed by the next person using the computer and scanning the recent pages visited.
All parties have recommended that browser histories be deleted after viewing a statement, but this is really only a partial fix.
It was only later that ANZ announced they would disable the service.
留言列表
