Stupid People...

This is just a thing that happened to me today, I thought it was funny and sad at the same time.
I went to Commerce bank to open a new checking account, the woman that helped me was the lead teller. She lectured me on the need to keep my account numbers secret for security purposes and told me all about the rampant identity fraud and how easy it is for hackers to steal account info. and how the bank will help me and my account be safe......
Then she tells me that I can log on to the internet and access my checking account.....
I asked her how you can do that?....She say's I'll Show you.....

She brought up the bank web page, and let me come around the desk so she could show me how easy it was.... and ..........

ENTERED HER USER NAME AND PASSWORD!!!!!!!!!!!!
WHILE I WAS LOOKING OVER HER SHOULDER!!!!!!!!

to top it off she only had a 4 letter password!

I spent the next 10 minutes leturing her on passwords, security and stupidity...
I really hope that she listened and changed her password.

Has anyone else had an experience like this?

I have experienced lots of similar incidents. More often, there are just people who really think you dont know how to do things. They tend to teach you a thing or two and yet they forget that what they're doing contradicts to what they are teaching. Then again, since it seems you know more than her, its like a moral responsibility to teach her or "guide" her. In most banks though, customer service representatives and other bank staff teach you things that they were not really thought well to them... Can't blame them. They're just doing their job. Just be morally upright and do your part in making the world secured of hacking...

cheers! welcome to AO

Quote:

---

cheers! welcome to AO

---

Registered: Dec 2001

LOL, i think the welcome is kinda late :)

Come on, we all were stupid once, and still are in some areas, that why we teach each other !

Quote:

---

Come on, we all were stupid once, and still are in some areas

---

thats 100 % right NemorY thx ... i think that what AO is all about teaching each other ,helping each other to get better ...and u guys doing a great job here
thx all

once when I sneezed a piece of rice came out my nose. does that count ?

Yea, but I managed to sneeze corn out one time... I was lauging really hard while eating and it went up into my nose and then I sneezed really hard and it was stuck, so then it made me sneeze again and it flew out covered in snot.

I had a user log in and he had only a 3 letter password. What's even worse is I said I know your password and he thought I was a liar. When I told him his password he was "amazed". Kinda funny when hitting 3 buttons to log into his e-mail was easy to follow and he thought he was "secure". What makes this even more hilarious is that he still to this day has the same password. Well, I guess security is not for the terminally stupid....

One of the tasks I have been involved with is the installation of a certain Aussi Bank EFT-POS terminals (which Bank?), these are normaly for small and some medium busineses. The terminals come with a default Password.. And is supposed to be changed by the client as the last step during the installation.. Note I said "supposed to be"...
The Client is warned that this should be changed once a month, "or atleast after staff changes" cough (just because the bank turns over staff that quick)

Going back to a site several months later.. I found the system still had the default password.. I changed my practice to entering the old password for the people THEN handing them the terminal to enter the new password..
The terminal suppliers changed the firmware to prevent the client using certain weak passwords.. that was fine ... but the ppl still insisited on using the default.. (it was easy to remember as it was written on the side of the terminal) bugger.. can't deface the terminal.. simple.. pick a random number ( a caculator handy toy) enter the new password BEFORE leaving for the site.. hehe cunning?... nooo.. they liked the look of the number on the terminal..
Ring bank.. as them to advise the Terminal manufacturer to ALso lock out the TErminals Serial Number or stop printing the number in nice bold digits especially the LAST SIX ...
Training the client to use the terminal is normaly 5 to 10 mins, Bank related ****, 15 mins, security lessons 45mins.. and only 5 mins of the whole session sinks in .. and it is usually the time spent asking the Bank related questions..

And security in a Bank..
I was left ALONE in the teller bay, at a local branch, for over 4 mins while doing a terminal swap over..oh and while the tellers were doing a note reconcilliation (counting the bills) .. As soon as I knew I was alone.. I immediatly stood clear of the desk and moved to the center of the room.. I expressed my opinion on the security, signed out from the site..

Security: When the cost of the loss exceeds the pain of change..people become serious

Cheers

Quote:

---

Well, I guess security is not for the terminally stupid....

---

Technically the terminally stupid are really rather secure. Simply because they don't have anything anyone wants.... ;)

In my organization there is a well-known password form for the users, which is similar to the username, they suppose to chaing the password once thier accounts are activated. The most interesting bit is, so many users and staff did not even bother to change thier passwords, althought they have always been the warner and lecturer to change our passwords. I have reached to one ceratin reality "Stupidity Is Endless".

You have a point there Tiger, the true terminally stupid people need someone to turn on a computer so they'd be relatively safe, unless they were so far out that they said, "I need to create a log in for my bank account. Can you help me, and give me a really secure password?" Although I know of some people that store their bank info on their comps (unsecurely) Would that be classified as borrowing if someone uses that info? Well, we could give new meaning to borrowing. Especially, to borrowing with no interest. :) Like Bill Engvall says, "Here's your sign".

o well atleast the place where i live there will be no case of p/w theft and stuff like that for another 5 yrs , well regarding banks can't help that
remember this

artificial intelligence is no match for natural stupidity

lol

I worked at a bank where the network admin was a top-notch anal retentive. I was the
support tech/security admin and the passwords to all 60 computers in the building
had the same 5 letter pasword. Let me put it this way, it was such an easy password
that it could have been discovered after 5 minutes of guessing. .My concerns about this
went unheeded and after a month of cutting my legs out from under me, the admin got me
fired for trying to "subvert" his computer setup.

Lesson learned: "Make sure your admin cares about your welfare and not his job security."

Quote:

---

I worked at a bank where the network admin was a top-notch anal retentive. I was the
support tech/security admin and the passwords to all 60 computers in the building
had the same 5 letter pasword. Let me put it this way, it was such an easy password
that it could have been discovered after 5 minutes of guessing. .My concerns about this
went unheeded and after a month of cutting my legs out from under me, the admin got me
fired for trying to "subvert" his computer setup.

Lesson learned: "Make sure your admin cares about your welfare and not his job security."

---

Actually the password is an easy word for everyone to remember...All the teller windows need to have the same password just different username I.E. TELLER1, TELLER2. EVEN if you guessed the password to the computer, there's not much you can do. To access any account, you would need to know a teller's number and password. OR you would need the username and password to connect to a server which often is quite a few steps, I.E. NCR.
Of course you know that but you're just trying to add something to the thread ;)

SO even if the janitor figures out the password, there's didly squat that he can do other than play solitaire on the computer. Teller windows do not store word/excel files which contain customer's account numbers, or any important information. Manager, Assistant Manager, Loan personel, Head Tellers, and whoever else in the back that is not a teller, have their own username/password to log in the computer, and often they use a similiar way to connect to NCR for example. Branches change by number...I.E. Branch one has Broadway01 for username. Branch two has Saugus02 for username (Usually they're the name of the street, or city that they're located in for easier trackign of the transactions).

EVEN if you were able to use a teller's account to do something, it can be very easily tracked down because tellers balance every night. If they're short or over money, it will be searched for...unless you want to put $.01 in your account every day which will seriusly waste your time.

Cheers ;)

A while ago we agreed to take over the site maintenance for a regional bank. Well, as we began looking over the code and site setup we noticed a few things.

1) The credit card form that was *supposed* to be protected by SSL was not even protected, SSL had not been implemented at all on their server. The site even had a "privacy protected using SSL" notice on the page.

2) This was an NT4 server and it had NO FIREWALL in front of it, no IDS, nothing.

The funny thing is, even with all of the things wrong that we found with the site. Their security guy was only concerned with how secure the connection was while we were transferring new code to the server. The look on his face when I told him how concerned I was when I discovered that they were not using a firewall, amazed me....he could have cared less. He actually thought they were fine, they had never had one and they have had no problems to date.....for all he knew.

Needless to say I began wondering if my bank had the same attitude internally????

One time at band camp...
no lol i have seen a few teachers log on to main schooling accounts with a 1 and 2 letter passes that is like easy to change sum grades that way lol.... it was funny i thought that they would be real hard to get most teaches use last names to i have seen lol but yah that is the closest i have seen to all that...

If the lady was able to enter a 4 letter password, or the guy who said one of his people entered a 3 letter password, thats pretty much the admins fault for not setting the requirement up to at least 6 letters.

I applied for a job at an insurance company; basically a net admin or security administrator. Well they told me that they didn't have any need for security at there office. They offered me a job as a customer service rep. I took it (money is money). After a week on the job,

-I learned that all there computers had no admin passwords
-Everyone openly told me there passwords to work on their computers
-Everyone openly told me there passwords to work on the web interface (which contained all their company data)
-Furthermore, there passwords, when they were there at all, were no longer than 4 chars...

Didn't need any security at their office....

heres a stupid peaple stroy for you....

A small Professional office that I service occasionally when they have odd networking problems gives me a call. The 'kid' that sold them their computers at such a great price had just installed a new machine and it was not running so well. Unbelievably slow! He said to them that he was unable to install their primary application on that computer and that there was a network error and that I should come in to fix it for them.

The first thing I see as I start in on the system is a telltale of some adware. So I load up the trusty S----t program and proceed to remove more than 400 components of ad and spy software. Then, on a whim, I check the antivirus settings. I see in the Program Files that there are both Norton and McKafee. Over kill, but I don't see any of their icons in the system tray, I do a little more checking. Nope. None of them are running. So, rather than fight with either of them, I load up my favorite AV program and proceed to be flabbergast at the number of virus files that it finds.

Okay... new machine. Hmmmmm.....

I go in and look over the system. WOW!! This hard disk sure is crowded for a new machine. So I change the folder options to allow me to see everything. My GOODNESS!! This machine is REALLY loaded.

I start digging into the folders that are out there and I find file after file of pornography, games with various different registered names, a strange mix of Office Suite type program - also licenced to various names. And then the item that ALMOST knocked me over..... The little tecky kid that installed the system and his girlfriend... him h alf naked -- her completely so!!!

Now, I am ticked!!! How dare he do this to a customer!? I decided to open up the system and see if it was a new drive or if he had simply used it as a backup drive while rebuilding his own system. I was actually hoping that I could give him the benefit of the doubt.

Not so. The drive in the machine was more than a year old!!!!

And finally, the icing on the cake. When I confronted him, I got my arse chewed out by him AND his dad - an electronics repairman!!! The kid didn't see anything wrong with what he was doing and had done, and his dad seemed to be standing behind him!!

Yup... I've now seen it all.... and I didn't really want to!

And the moral of the story?? Morals? What morals?? We don't need no stinking morals!!