
How UOB's Paper Trail Amplifies IT's Greatest Security Threat

UOB requires you to do everything on paper. If you want to change your mobile number for your banking account with them or for your credit card, you need to fill in a form.

Yet this paper trail represents a potential security failure for the bank: human error.

So a bitcoin expert walked into UOB to open a bank account. The bank employee had to print a form from an online PDF document to fill in this bitcoin expert's particulars.

When it came to entering the bitcoin expert's email address, the digital generation's forgotten art of handwriting was at its most obvious.

Wrote Roberto Capodieci,

My name is Roberto Capodieci, as most of you know, and my email address is very obvious to decode. It is not a p4l_l337_s0u1@gmail.com, but it is a more obvious roberto@capodieci.com, thing that, right after reading my name in the same form, should come out easy. Still, a data entry personnel of the UOB bank (or of a service provider the UOB bank uses) entered it as roberto@c2podieci.com.

So this meant Mr Capodieci needed to download a form to change his email address and post it to UOB. Simple?

Not exactly. By the time Mr Capodieci received his activation link, he was already in Bali, Indonesia. If he mailed the form out, it would take 3 weeks to reach UOB.

Unfortunately, that would have passed the statute of limitations for the form, which was two weeks.

What could Mr Capodieci do?

Set up an email for roberto@c2podieci.com to get his activation link.

The first problem for UOB, I think, is that its computers do not have an Adobe PDF writer that would let bank employees fill in forms by typing out the particulars rather than writing them out by hand.

With a stroke of a pen, an activation code was sent to a wrong and non-existent email address.

However, the ease with which Mr Capodieci set up an email address online to get his activation code puts the spotlight on how a human error might have led to a hacked account.

The odds are long that the activation link would be sent to the wrong person and that this wrong person would know how to clone an email address.

But sending a letter to fix an email address is quite ironic in itself.
