Sunday, September 30, 2018

Something is horribly wrong at PrestoCard

Update - Oct 1, 2018:  So, after several tweets, two emails, and a YouTube video, they patched the hole.

Original post is below this line.

Well, this isn't good.

I will post more to YouTube if new info comes to light. 

Wednesday, September 19, 2018

The increasing frequency of Scotiabank breaches and leaks is worrying

I've maintained for a few years now, that Scotiabank doesn't know what it's doing, and people get put at risk unnecessarily. I have a lot of evidence to back up this opinion.

As many people know, the scale of leaks and issues had previously gotten so bad, I literally got an automated system monitoring huge swathes of banking infrastructure, and keeping tabs on what's vulnerable and what isn't fixed, and on top of that, I tabulate the entire Schedule 1 banks in Canada, just so I can keep an idea of where in the pecking order everyone sits.  

I've not posted much about this for a while, because normally there's simply nothing to say other than "There's no change - it's still all broken and everything is still leaking".  However, I'm posting this article as something of note is apparent to me; The rate of leaks coming out of Scotiabank appears to be increasing rapidly, and the severity of each leak is going up considerably.  

Some context: Scotiabank usually leaks about once a month or thereabouts.  You normally see about 10-15 leaks from them annually.  

Six days ago, Scotiabank publicly published website code, along with database server credentials and the AES decryption key. 

Here's an example of that:

(Click for larger)

This is not a rare event - I've previously seen the keys for their entire SOA posted publicly and had to get the RCMP moving to take it down very quickly, but what was interesting was I noticed today that they just did the same with a Watson Assistant project.

(Click for larger)

This is a worrying trend.  I'm going to step up my observations of Scotiabank, because traditionally, when you see a crack like this, it will widen.

I'll post again when I have more to say on the matter.