| Danske bank fiasco |
[Mar. 26th, 2008|05:03 pm] |
Approximately one year ago danske bank swallowed the second-largest Finnish bank, Sampopankki. Last weekend, the perfectly fine working web-bank was flushed down the toilet and replaced with Danske Banks infrastructure. So far the results are quite horrific:
- People are reporting missing/too much money been shown in their accounts.
- Standard ssl/html based frontend has been replaced by a java applet. Worse, it needs a JNI library. Apparently to sniff your PC configuration. Surprisingly they provide a (ia32) Linux JNI lib as well. Compile once, run to the hills...
- The new webbank has security holes. url's that show a competing banks login prompt instead of sampo/danske bank are circulating on IRC. Apparently the danish website has the same bug too. The bank representative has (so far) refused to acknowledge there is a security hole.
A surprising number people have dismissed the whole issue as "IT business as usual, why complain?". Sure, we all *know* that most IT projects deliver late, fail to work until the first service pack, fail to import data properly from previous versions or simply fail completely. But is that something we should just accept as part of life? Even for banks that are (were) holding our money? |
|
|
![[info]](http://p-stat.livejournal.com/img/userinfo.gif){kind=small}
nchip's journal