Outline ·
[ Standard ] ·
Linear+
Chat CIMB kena hack?
|
SUSlowya
|
 Dec 17 2018, 10:50 AM
|
|
CIMB fire fighting team trying to assure panicked customers: QUOTE KUALA LUMPUR: CIMB Bank Bhd has assured its customers that its online banking portal, CIMBClicks system remains secured and all customers' transactions continue to be protected.
“The bank would like to inform that it had, over the weekend, introduced a few additional measures to enhance the security of its CIMBClicks transactions.
“Apart from ensuring that the system is now able to accommodate passwords longer than eight characters and up to 20 characters, we have also added the reCaptcha security measure on CIMBClicks to ensure the user is not a bot,” it said in a statement on Monday.
The banking group issued the statement to address recent social media news on the alleged insecurity of its online banking portal. https://www.thestar.com.my/business/busines...emains-secured/by adding a 3rd party bot to check user not a bot, lol. This post has been edited by lowya: Dec 17 2018, 10:51 AM |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 11:06 AM
|
|
|
QUOTE(Supreme1394 @ Dec 17 2018, 01:14 AM) Login now and change your password. could it be a trick to entice users to login with capturing users login details in the process? |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 11:26 AM
|
|
|
QUOTE(:3mushy:3 @ Dec 17 2018, 05:42 AM) It would take a computer about 93 TRILLION YEARS Kek but because you added your password to their database, it will be shortern to only 9.3 hours to hack. Thank you for your contribution. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 11:41 AM
|
|
|
QUOTE(bereev @ Dec 17 2018, 10:44 AM) if really a security upgrade they should announce service interuption , but cimb no say anything without prior notice, users will tend to speculate it's a security flaw cover up. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 12:19 PM
|
|
|
QUOTE(MewMeow @ Dec 17 2018, 12:00 PM) e-FD in cimb bank will kena or not?  if hacker click uplift and then transfer. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 12:27 PM
|
|
|
QUOTE(s@ni @ Dec 17 2018, 12:20 PM) if hack, not covered, as far as i understand. cover only if bank failure/busted/ gone... seriously ? we need to confirm this officially. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 01:16 PM
|
|
|
QUOTE(puchongite @ Dec 17 2018, 01:07 PM) So why problem ? Their back end only take 8 characters mah .... it means announcing to hackers to work only on 8 digits, like a clue to make their lives easier. This post has been edited by lowya: Dec 17 2018, 01:17 PM |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 01:34 PM
|
|
|
QUOTE(zul_sur @ Dec 17 2018, 01:21 PM) naise, untung dev dia, public is saying cimb got hacked, but the truth is code like monkey. as a result of 1 suspected can got worm, all other cans need to be opened. forcing human (with 1 brain) to do octopus's (which has 9 brains) jobs, this is the results. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 01:39 PM
|
|
|
QUOTE(HMMaster @ Dec 17 2018, 01:35 PM) The CAPTCHA is just a temporary solution... doubt that they can do a major change in a day. Modifying the system in such a short time might introduce more security flaws if not tested properly. But CIMB should've implemented the login attempt limit or 2 factor authentication. if given a chance, google (through captcha) would love to know your personal data including your real time bank account balance. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 02:02 PM
|
|
|
QUOTE(HMMaster @ Dec 17 2018, 01:42 PM) dont think the captcha is linked to the bank system... it just "authenticate" only. under the captcha logo, click the Terms, you will find Google policies https://policies.google.com/terms?hl=enthat says » Click to show Spoiler - click again to hide... « QUOTE Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
If you have a Google Account, we may display your Profile name, Profile photo, and actions you take on Google or on third-party applications connected to your Google Account (such as +1’s, reviews you write and comments you post) in our Services, including displaying in ads and other commercial contexts. We will respect the choices you make to limit sharing or visibility settings in your Google Account. For example, you can choose your settings so your name and photo do not appear in an ad.
When a Service requires or includes downloadable software, this software may update automatically on your device once a new version or feature is available. Some Services may let you adjust your automatic update settings. which means CIMB automatically divulge clients privacy to google without official client permission, such as user123@gmail.com has a bank account at CIMB with user name "user123" (perhaps even password) with IP address and login pattern. Or how about they can sell your CIMB clients' emails to CIMB competitor? isn't this a form of violation of Data Protection Act, or perhaps against some BNM data protection clauses? |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 10:11 PM
|
|
|
want to change password, but very uncomfortable to login using google captcha product. Can't make up my mind.
Why they have to force their clients to use google products, knowing google always like to capture users data.
|
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 10:16 PM
|
|
|
QUOTE(nightzstar @ Dec 17 2018, 10:14 PM) Just now changed password never key in captcha geh at the login page lah, after you change, next time you will also use captcha every time you login with your new password, right? |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 10:17 PM
|
|
|
QUOTE(Skylinestar @ Dec 17 2018, 10:15 PM) Login already enter captcha. Damn annoyed by it. yea, it's like when you change clothes, someone is always there watching you. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 10:23 PM
|
|
|
QUOTE(arefiq09 @ Dec 17 2018, 10:21 PM) Login become so slow with that captcha cimb let google doing what google do best - crawling and indexing. praying it's not your user names or pwd get crawled. |
|
|
|
|
|
SUSlowya
|
Dec 17 2018, 10:30 PM
|
|
|
QUOTE(MiLKTea @ Dec 17 2018, 10:27 PM) Btw....those using cimbclicks; you know how we need to click 2 times logout to completely logout? Just now after I login then logout, upon clicked on the 2nd logout, the page navigate back to my account page (but loading) cimbclicks is seriously compromised =,=  that's why i don't bother to change password until this storm is over, pretty sure they will implement new policy following this fiasco, perhaps removal of recaptcha, my speculation. |
|
|
|
|
|
SUSlowya
|
Dec 21 2018, 09:53 PM
|
|
|
QUOTE(wotvr @ Dec 21 2018, 07:38 PM) They keep outsourcing to 3rd party! IT dept on tight budget. |
|
|
|
|
|
SUSlowya
|
Dec 21 2018, 10:08 PM
|
|
|
QUOTE(wotvr @ Dec 21 2018, 09:56 PM) Not on tight budget. They find it easier to give to friends co at mark up price. Then receive entertainment and follow up with vendor. I guess they gave up with their own IT dept. kickbacks |
|
|
|
|
|
SUSlowya
|
Aug 14 2019, 07:54 PM
|
|
|
QUOTE(Madgeniusfigo @ Aug 14 2019, 06:49 PM) Lanciao bank ah, worst bank among all banks in malaysia. Everytime transfer money need wait them contact me for verification, irregardless of the amount... kaninei, my money or ur money. 4 years, kenot tahan edi, move all away to other bank only took me 1 year to close it, your patience is above average. |
|
|
|
|
Quote
0.0615sec
0.83
7 queries
GZIP Disabled