12:04 At that time about the clientbank or when you changed your password in three letters? | |
| The sad tale with a dangling end. There is a firm that has a bank account, there are dozens of transactions per week. Of course, there is a Client-Bank. He was terribly secure, tough and serious, with the keys, digital signature, encrypted two-way traffic, etc. We have an accountant serves the 3 companies, all in one bank, all bank customers to a computer, at all (Warning), the same three-letter password. For reasons of your and my safety will not write it. Get a bank customer in the bank, I immediately asked the tech support staff about changing the password. Employee with a view of injured innocence brought me as a blonde, a printout of the aid, where it says "In the Tools menu, click Change Password, enter your old and new." Oh cool, I thought, and forgot for a while. But under the new 2010 I was going to change your password. Checked 31 December 2009 was the last time through and hit that same button on the Tools menu. Introduced the old password, introduced a new one. Twice introduced. Everything is fine, it works. I think it'll go, I will come. I enter a new password. An error database driver, the password to the DBA has not been identified and generally check the password (screen does not save unfortunately). Everything is so systematic and Latin. Repeated, and repeated twice with the same effect. I think, well, then do not reset the password. I enter my old one. The system produces another error message, civilized, client-bank, saying the password is incorrect. I try to enter 123456 in the password window, I see again civilized Russian message that the password is wrong. What are the implications? That bank-customer database is stored separately, it is password protected (thank Creator), but when changing the password in softiny password to the database does not change (otherwise how to explain the different error message?). Well the new year comes, the bank-client does not work, go celebrate, confident that no one broke into the account exactly once both passwords are not suitable. January 11 to call the bank that same someone from tech support. What turns: 1. All of my hypothesis is correct. Moscow technical support of the bank (or even a developer) "does not recommend changing your password. 2. Change password can be "directly to the DBA» (smart people with Habra, you understand that this spell is this?). 3. Our problem of access can be solved only get a fresh distro with stitched your old password. Last bit predictable. And so it happened - I brought a fresh distribution. Summary. 1. If a PC accountant can sit outside and see the familiar tab for bank-client, it can safely write the password of the three letters and operate your account. 2. On my persistent requests to resolve the issue I received instructions from the 5 lines fax. Tell your manager. On the menu ... should be removed kryzhik ... then go out the window ... etcMy guess what "kryzhik, though to bring the procedure to the end could not. Naturally, that statement was written specially for me and help available. 3. On my descriptions of threats arising from the situation, profanity, transfer of risks that they create their system, nothing intelligible to me is not answered. End I would like rows from a description of the bank-client: Since the system of BS-Client is designed to work with financial documents, security issues in its focus. The system uses cryptographic persistent encryption and digital signature (EDS) of all the data that clients communicate with the Bank. Encryption protects data from being intercepted by an attacker, EDS is uniquely confirms the authorship of the data. Sekurnaya, kosher, competent, secure system. EDS, transport ... Just the passwords for all the same. For convenience. Just change them is impossible. Just in case. For those interested - BS-Client, version 3.15.6.270 PS. Do not forget to remove kryzhik. | |
|
| |
| Total comments: 0 | |