P03 Locke
47M

There are far too many local to mid-size banks that have a shocking lack of security. Logins without HTTPS, banks using ancient transfer protocols, web sites that can recover your full password in plaintext.

My old mortgage company had a bug where if you hit the Login button twice, it would redirect to a GET request with my password on the query string. Good thing I was re-financing away to some other company that actually gave a shit.

Even with all of the security standards out there, like PCI, NIST 800-53, SOX, FedRAMP, etc., there is not enough enforcement to punish these fucking lazy assholes from leaking data like this. Even in the larger sectors, it’s just a constant pattern of buying out more shitty banks with different platforms and policies, until you have this mess of mismatched everything that can’t be unified into sane standards.
