Report: “Master key” stolen in Postbank security breach

Plaintext encryption key, stored on a flash drive... How 2000's can you get?

Someone better get enlightened family members to fix this.... Oh, wait, it's already too late
 
So now a new tender will be created for the replacement cards.
So this means that the people involved with the first tender "stole" the master key, or does it mean that they are giving someone else a chance to get the tender for self-enrichment?
 
The incompetence knows no bounds.
Just when you think you have heard it all, along comes shyt like this.
 
One of the internal reports cited in the article, an overview of financial crime, reportedly stated that Postbank found 25,000 fraudulent transactions between March 2018 and December 2019. R56 million was stolen.
Is that all?
 
Be something seriously wrong if nothing was stolen.
 
wow... just wow. Even the most basic ERP system has an audit trail of who accessed what, when, and what changed. What dinky toy operation got the tender to do PostBank's systems?
 
Plaintext encryption key, stored on a flash drive... How 2000's can you get?

Someone better get enlightened family members to fix this.... Oh, wait, it's already too late
Hardly 2000s.
Unless you've replaced flash drives with something else?
Or wait... Let me guess... You store all your stuff in the cloud!
 
wow... just wow. Even the most basic ERP system has an audit trail of who accessed what, when, and what changed. What dinky toy operation got the tender to do PostBank's systems?
The same one used by the banks who can't say how SIM swap fraud can't be picked up in audit trails
 
Hardly 2000s.
Unless you've replaced flash drives with something else?
Or wait... Let me guess... You store all your stuff in the cloud!
No, actually we use a physical vault server with in-memory encryption keys. This means the moment you unplug it, the data stored is useless. We then have to regenerate the encryption keys with three top management passwords to gain access to it again.

And I think flash drives only gained popularity in the early 2000's
 
The article described the master key as a 36-digit code which allows anyone to read and write account balances, and read and change information on any of the cards the bank has issued.

Why on earth would you store the account balance on the card. Surely this should be server side?
 
Why on earth would you store the account balance on the card. Surely this should be server side?
I also find this hard to believe. You need a single source of truth... and that shouldn't be a debit card but a secure DB.
 
No, actually we use a physical vault server with in-memory encryption keys. This means the moment you unplug it, the data stored is useless. We then have to regenerate the encryption keys with three top management passwords to gain access to it again.
I'm pretty sure your master key is not stored in-memory and is not lost when you unplug the box.
Flash drives are still very much a thing.
Who issues your keys? What industry is that?
 
Why on earth would you store the account balance on the card. Surely this should be server side?
I think you misread / misunderstood.
It did not say that balances are written to the card, only that the card can be read and updated.
 