May 5th, 2006

On-line banking. It gets worse (and why SOX sux)

Posted by David Berlind @ 7:11 am

Categories: General, IT Management, Security, Software Infrastructure, Web Technology

Inspired by a blog written by fellow ZDNet blogger George Ou, last week I talked about how Americans are technological, political, and educational laggards and how it will doom them. Ou’s blog talked about how technological laggardliness was causing banks to fail their report cards when it came to online banking. I piled on, basically saying Ou’s expectations weren’t enough. The rest of the world — places like Europe, South Korea, Japan — are leaving us light years behind as we overthink some things and don’t think enough about others. Now, thanks to a recent post by Jon Udell, we’re getting a deeper glimpse into how screwed up the banks and the banking system really are. After fixing a busted online banking page himself and writing about it, Udell updated his blog with some feedback he got:

The problem is that even that one Javascript line still needs to go thru SOX audit before being pushed to production….This is indeed an issue to blame on pointy-haired bosses, but their names are Sarbanes and Oxley.

Meanwhile, while that one line of code gets put under the microscope by some SOX auditor, he or she apparently missed the back door that Udell’s bank had left wide open from a security point of view.  Wrote another one of Udell’s readers:

Why isn’t the bank preventing your local page from working? Seems to me that a referrer check, session ID, or something should be required to prove that the form is even being submitted from their own server, rather than someplace else.

Hey! Give that guy a job!
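
The check that reader describes, sketched as an added example (not code from this post, from Udell, or from any bank): the server accepts a form only when the Origin or Referer header names its own origin and a hidden token bound to the session matches. The origin `https://bank.example`, the `form_token` field and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Hypothetical values: a placeholder origin and an in-memory secret.
TRUSTED_ORIGIN = "https://bank.example"
SERVER_KEY = secrets.token_bytes(32)


def issue_form_token(session_id: str) -> str:
    """Token the server embeds as a hidden field when it renders the form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url: str) -> str:
    """Reduce an Origin or Referer header value to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def accept_submission(headers: dict, session_id: Optional[str],
                      form: dict) -> Tuple[bool, str]:
    """Decide whether a POST came from a page this server rendered."""
    if not session_id:
        return False, "no session"
    # Header check: Origin is preferred, Referer is the fallback. A page
    # opened from local disk sends "Origin: null" or no Referer at all.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or origin_of(source) != TRUSTED_ORIGIN:
        return False, "submitted from another origin"
    # Token check: headers are only what the client reports, so the
    # session-bound token is the part a foreign page cannot supply.
    expected = issue_form_token(session_id).encode()
    supplied = str(form.get("form_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "form token missing or not bound to this session"
    return True, "ok"


if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample data
    good = {"form_token": issue_form_token(sid)}
    print(accept_submission({"Origin": TRUSTED_ORIGIN}, sid, good))
    print(accept_submission({"Origin": "null"}, sid, good))  # local copy of the page
    print(accept_submission({"Origin": TRUSTED_ORIGIN}, sid, {}))
```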
