I told them about the XSS (CSS) security holes 2 months ago -
response was something like: "We will work on it; or we won't - but we won't tell you;)".
Which sucks...
Hi there - I am from Germany and my bank's webpage is totally unsecured against XSS (Cross-Site-Scripting) -
Argh... sorry. I am wrong - last page of the forum post says something about a second screen - sorry!
http://forums.msiwind.net/osx-guides/guide-glowing-apple-logo-using-lcd-backlight-wiring-t9266.html and from Hackintosh: "..hacking a hole in the lid of his netbook and letting the LED backlight shine through. He even ordered an old iBook lid from Ebay to mount in his hole." http://blog.wired.com/gadgets/2009/02/hackintosh-with.html
Here we go:
Original:i on=SelectMenu&SMID=EigenesOrderbuch&MenuName=&Init Href=http://www.consti.de/secure
/Fälschung --> Imitation /
https://www.vr-ebanking.de/index.php?RZBK=0280
MY Version (XSS):
https://www.vr-ebanking.de/help;jsessionid=XA?Act
... Hope they change their mind, sometime. :)
Consti / thr0n
I found a COUPLE of holes about 2 months ago and immediately emailed the administrators of the website;
The bank is a pretty famous German financial institute and they actually have a "https" "secured" webpage just for ebanking; And exactly that website is full of security holes. I give you a short example:
Original:i on=SelectMenu&SMID=EigenesOrderbuch&MenuName=&Init Href=http://www.consti.de/secure
/Fälschung --> Imitation /
https://www.vr-ebanking.de/index.php?RZBK=0280
MY Version (XSS):
https://www.vr-ebanking.de/help;jsessionid=XA?Act
They have a couple more of those ... and the admins never responded - I just got a response with something like "Thanks for telling us, we will look into it, but don't expect any answers / changes".
I am pissed - actually that's the bank I am a customer of -- my local bank's website is even worse ...
damn.. and they promote their website as "secure" and tell the customers to look at the links they get in phishing - I am sorry guys, but if any phisher is reading this .. *smile*
What am I supposed to do in that case? I even CALLED them ...
The company that is supposed to secure the website has holes, too - and they don't close 'em either..
is that only Germany or are all those companies crazy and don't give a poop for their customers' security?
I beg for responses and help,
Consti / thr0n
...the title. Wins 5, no 3 Tony Awards? I mean it won 3 out of the 5 it was nominated for, right? Just wondering...
Mirror on Majorgeeks: http://www.majorgeeks.com/download4222.html
Main page GCached: http://216.239.59.104/search?q=cache:http%3A%2F%2F www.hamar.sk%2Fsphere%2F
http://216.239.59.104/search?q=cache:http%3A%2F%2F www.hamar.sk%2Fsphere%2Fscreenshots.htm
Sounds. Uhm. Random. :P