The Finnish Sampo Bank switched over to Danske Bank's information systems. This merge took over 14 months with over 3100 persons, and the results were rather embarrassing.
Their online customer pages have numerous XSS vulnerabilities. In practice this means that malicious content can be injected into the web page while the user still sees the original domain in the URL field. There are many examples floating around the internet. Here is a screenshot.
The online banking is implemented with a Java applet and some native code. The purpose of this native code is unknown, but curious minds have already analyzed the applet. Here is one wiki page.
Because there are also other problems with their banking systems, the online banking has been working badly and customers have experienced bizarre issues. Balances do not match reality, some functionality is not available, and even normal ATM withdrawal transactions have failed for some Sampo customers. The latest and also pretty severe problem happened to a poor customer whose mortgage payment was taken twice.
No wonder Sampo-Danske bank customers are angry and changing banks, as soon as the system is back online.
Archive for March of 2008
Bad example of new banking application introduction
March 27, 2008
Frustration with Windows and lack of my favorite tools
March 15, 2008
Recently I got a task to set up Tomcat running on a Windows 2000 server VMware image and configure some web applications to run on it. It already had SQL Server (version 8 or so) running on it. Yeah, not really the most modern software and definitely not my favorites...
Restoring the database from a file was not that complicated but took some time to figure out how to refresh the view. Setting up Tomcat was a bit trickier as I missed one setting in its configuration. But the most frustrating thing was that the setup lacked all the tools I would have used on a Unix platform.
Actually the list of my everyday command line tools is not too long. A couple of consoles with cd, mv/cp, grep, vi and tail are usually enough for setup and config tasks. But now I was doing endless clicking around and the progress was a bit slow. If I have to touch that again I'd better gather my own toolset for Windows or hire my own outsourced setup monkey.