FNB small security bug

[bar1]

Hi, does anyone know if FNB offer a reward if you find security issues?
I think i found a small bug, probably not a big deal....(not log4j....)

 

[CranialBlaze]

Considering they create them themselves, probably not.

Good luck reporting it to someone who has the faintest clue of what you talking about.

 

[mercurial]

1) Exploit it
2) Profit???

 

[epah]

Considering they create them themselves, probably not.

Good luck reporting it to someone who has the faintest clue of what you talking about.

 

[saor]

You email them you'll probably get something like:

Dear xxxxxxxxxxx,

We apologize for the inconvenience. How can we assist further?

Regards,
yyyyyyyyyyyyyyyyyyyy

 

[RonSwanson]

One would be forgiven for thinking that a prominent consumer focused bank would have a RFC2350 compliant CERT or CSIRT, together with publicly available contact details and (at least) public PGP keys, but sadly FNB seems to believe that putting the SAPS's contact details up will suffice under Important Numbers

I honestly believe that your finding/s, and subsequent messages would be treated with complete disdain. With SA's banks, this would also be somewhat due to millions of wannabee crackers who have "discovered HUGE security holes" (like scoring a B minus on an SSLLABS test), but without having a reasonably adept, efficient and competent team to evaluate such claims, FNB clearly does not want to know about genuine security issues.

I say fuggem.

 

[Herr der Verboten]

Hi, does anyone know if FNB offer a reward if you find security issues?
I think i found a small bug, probably not a big deal....(not log4j....)

 

[bar1]

What i found will not allow hackers into your accounts, but if it's exploited further...who know?

 

[Abu Bakr]

What i found will not allow hackers into your accounts, but if it's exploited further...who know?

Interesting!!!

 

[Herr der Verboten]

What i found will not allow hackers into your accounts, but if it's exploited further...who know?

Interesting!!!

Is this like a vagina monologue?

 

[mercurial]

What i found will not allow hackers into your accounts, but if it's exploited further...who know?

Inspect Element doesn't count.

 

[Abu Bakr]

Is this like a vagina monologue?

Nee dit is nie jy taal nie

 

[gregmcc]

Almost zero chances of being rewarded.

 

[CranialBlaze]

Almost zero chances of being rewarded.

You never know, may tops a few eB he’s way

 

[Herr der Verboten]

Almost zero chances of being rewarded.

Perhaps the OP expects a toy or star for his/her head?

 

[B-1]

I normally just email it to a few email addresses and then its their baby. Most I ever got over the years was a thanks reply and typically nothing allthough they do tend to fix the reported issues.

 

[Fulcrum29]

You email them you'll probably get something like:

Dear xxxxxxxxxxx,

We apologize for the inconvenience. Please visit your branch for further assistance.

Regards,
yyyyyyyyyyyyyyyyyyyy

FTFY.

 

[borro]

 

[Fulcrum29]

View attachment 1215150

Who won this month?

 

[deweyzeph]

No good deed goes unpunished. Best to keep it to yourself.