They should learn from Maybank. Maybank has the best mobile apps for now.

PBB is shit. CIMB is shit.

Ya man. PBB app lagi teruk. Maybank app and website is the best. CIMB website is second but their app is shit. PBB is the worst among all.

Just tested. This is so fucking legit man. Pls change ur password guys.

Just change your password guys.

Your old password + any numbers or alphabets can go in weh.

But then hackers need to know your old password la else also no use cannot go in.

I just changed mine and now okay adi.

Yea don't think it's a big concern since the hacker would need to know the first 8 characters correctly. But then it's still so fuckup to know it works as well with 8 characters + any random characters.

Lu coders ke? You are correcto.

Ini code macam intern buat weh.

This is because when they changed the password policy to include special characters, they didn't force everyone to change their password.

Therefore they have to cater logic for old password logic and also new password logic.

But to implement it in this half ass way is plain stupid. This is not some wordpress blog yo. This is a fucking bank.

#programmingtalk

Also, not sure if somebody mentioned before...using Google captcha...which genius thought of that way to do it? Limit the times of failed transaction or use phone secure SMS or TAC la adui.

This post has been edited by Duckies: Dec 17 2018, 01:20 PM

So head siapa yang akan roll on the ground? Sure somebody kena eat the dead cat and take the blame. Head of IT?

So how did they managed to hack into user in the first place? Memang brute force password ke? Even though with that, they still need the USER ID.

Wa kesian, kena suicide to redeem himself/herself. Bukan as usual play the blame game ke?

https://www.nst.com.my/news/crime-courts/20...-back-data-lost

No excuse for that weh. CIMB is not the first day to have e-banking liao. Should have thought of the prevention way before it happens. Not only when hackers knock on the door then only implement some short term solution.

Ya man but look at the situation now...macam jadi more teruk. Compromises security for convenience. When money is related, security takes first ma.

Eh guys, CIMB UAT website is public?

http://uat.cimbclicks.com.my/

But UAT website can show to public?

Bukan for internal only ke?

Coded at the client side aka website there which by right should be at server side only.

There's the checking for special characters as well.

Intern do mia work ke. Or India aneh do mia work. Where got verification done at client side there geh. Now whole world sees the dumb logic/code.

Refer to OldSchoolJoke.

Because they need to cater for old password format which is without special characters. And also because they need to cater for new password with special characters.

Thus this retarded logic.


This post has been edited by Duckies: Dec 17 2018, 02:44 PM