posted on Apr, 6 2010 @ 10:43 PM
This is an old piece that I ran across... but it seems to me that the information is important to those who don't often consider the impact of the
in their lives....
Small business owners take note... your PCs could be a devastating financial liability... especially since the banks and the legal system
There’s an interesting post over at Krebs On Security talking about some poor company that is going bankrupt because TD Bank allegedly will not
give them their money back after it was stolen out of their account. Now, I wish I could say this concept is totally foreign to me, but unfortunately
this isn’t the first time I’ve heard this story. I’m under NDAs not to describe the people involved, or the bank involved, but the important
details are nearly identical to this story. Why is this happening?
There is a little-known code called the UCC (Uniform Commercial Code) that essentially says that if you are a business and you want to do wire transfers
you are essentially to be treated as a bank. You are probably wincing right now, because it’s just as stupid as it sounds. Note that this is not
true for consumers - but even if your business consists of even one person, you still are treated as a bank.
is just a blogger's
account, but the text is worth the read, and some of the comments are sterling....
Sounds exactly right. I’m now pentesting full time in support of bank auditors, and doing a bit of incident response. We’re seeing this all of
the time–banks claiming that the customer was loose with their login credentials, and so it’s not the bank’s fault. The perfect storm is, with
AV only catching ~25% of variants, together w/drive-by download attacks infecting users, many more PCs are infected than we realize. Zeus and other
sophisticated bots have killed the effectiveness of any two-factor authentication on infected machines through man-in-the-middle capabilities.
After speaking with all of my financial institutions about this, I have decided to buy a bigger mattress for my business accounts–none of them will
accept responsibility for the integrity of my funds.
[edit on 6-4-2010 by Maxmars]