How UOB's Paper Trail Amplifies IT Greatest Security Threat

UOB required you to do everything on paper. If you wanted to change the mobile number for your bank account or your credit card, you needed to fill in a form.

Yet this paper trail represented a potential security failure for the bank: human error.

So a bitcoin expert walked into UOB to open a bank account. The bank employee had to print a form from an online PDF document to fill in this bitcoin expert's particulars.

When it came to entering the bitcoin expert's email address, the digital generation's forgotten art of handwriting was at its most obvious.

Wrote Roberto Capodieci,

My name is Roberto Capodieci, as most of you know, and my email address is very obvious to decode. It is not a p4l_l337_s0u1@gmail.com, but it is a more obvious roberto@capodieci.com, thing that, right after reading my name in the same form, should come out easy. Still, a data entry personnel of the UOB bank (or of a service provider the UOB bank uses) entered it as roberto@c2podieci.com.

So this meant Mr Capodieci needed to download a form to change his email address and post it to UOB. Simple?

Not exactly. By the time Mr Capodieci received his activation link, he was already in Bali, Indonesia. If he mailed the form out, it would take 3 weeks to reach UOB.

Unfortunately, that would have exceeded the statute of limitations for the form, which was two weeks.

What could Mr Capodieci do?

Set up an email for roberto@c2podieci.com to get his activation link.

The first problem for UOB, I think, is that its computer does not have an Adobe PDF writer to allow its bank employees to fill in forms by typing out the particulars rather than writing them out.

With a stroke of a pen, an activation code was sent to a wrong, non-existent email address.

However, the ease with which Mr Capodieci set up an email address online to get his activation code put the spotlight on how a human error might have led to a hacked account.

The odds are long that the activation link would be sent to the wrong person and that the wrong person would know how to clone an email.

But sending a letter to fix an email address is quite ironic in itself.
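
The transcription error quoted above is the kind a data-entry system can catch at keying time by comparing the email address with the name on the same form. The following is an added example, not anything UOB or Mr Capodieci published; the function names and the distance threshold are assumptions chosen for illustration.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def review_flags(full_name: str, email: str, max_distance: int = 2):
    """Return (name_part, email_part, distance) for every near miss.

    A near miss is an email component that almost, but not exactly,
    matches a part of the customer's name on the same form. A hit sends
    the record back for a second look before any activation link goes
    out; it does not prove the address is wrong.
    """
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or "." not in domain:
        raise ValueError("not a well-formed email address")
    # Components to compare: pieces of the local part plus every
    # domain label except the top-level domain.
    candidates = [p for p in re.split(r"[^a-z0-9]+", local) if p]
    candidates += [p for p in domain.split(".")[:-1] if p]
    # Short name parts match too many things by chance, so skip them.
    names = [t for t in re.split(r"[^a-z]+", full_name.lower()) if len(t) >= 4]
    flags = []
    for name in names:
        for cand in candidates:
            d = edit_distance(name, cand)
            if 0 < d <= max_distance:
                flags.append((name, cand, d))
    return flags

if __name__ == "__main__":
    # Values taken from the quote above: the keyed-in address, then the real one.
    print(review_flags("Roberto Capodieci", "roberto@c2podieci.com"))
    print(review_flags("Roberto Capodieci", "roberto@capodieci.com"))
```

A flag only routes the form back to the customer or a second clerk for confirmation, since many legitimate addresses differ slightly from the holder's name.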
