Privacy of Account Transactions at Big UK Bank

June 30, 2015

My bank–let’s call it The Big Bank–recently let me know of a future new service called “CashBack” where they offer 3% cash back per month on utilities and household bills, e.g. Council Tax, gas, electricity, TV packages, water bills, phone, broadband, and mobile contracts. This “benefit” costs £2 per month.

The bank told me that their calculation for me indicates that I would get approximately £17 per month back. So … the idea is give the bank £2 per month and they give me back £17. Hmm. As an “investment” it looks to be a no-brainer. Better look more closely.

  • Who is paying the delta between £17 and £2?
  • I can’t imagine The Big Bank taking the hit. So the service provider is probably subsidising this partially or wholly? Why can’t the service providers simply reduce their costs instead of this scheme?
  • To use a now-favourite term, this doesn’t seem sustainable. Doesn’t taste good.

Most importantly, why did The Big Bank feel it had the right to inspect my banking transactions to determine the £17 savings I could incur? They could not compute these possible savings without looking at my banking transactions. Is this proper and in conformance with banking privacy rules, regulations, and law?

Seems as if The Big Bank has a lot of time on their hands to shuffle money around to no benefit to society. I wonder who benefits by how much?

I declined this “benefit”.

Steve Gibson on GameOver Zeus botnet

June 4, 2014

“Strange story … getting headlines … nobody really saying anything … if we knew more, it would be interesting”.

— Steve Gibson, Security Now Podcast, 3 June 2014

Steve explains how this became news because a court in Pittsburgh allowed the FBI to interfere with this existing and criminal botnet. The FBI could not interfere with (shut down) this legally without this court order. The court issued a permission to allow the FBI to interfere with the botnet for a limited duration — 2 weeks.

Presumably this is the basis of the “2-weeks” alarm message that is being spread widely in the UK media (BBC, national press, malware software vendors, etc.). I’ve not seen an explanation of why “2-weeks” is reported in the media. Presumably, after the 2-week window ends, the FBI will no longer have control of the botnet.

The message is getting through. Relatives are asking me about it. I hear comments at work. People are scared.

Zeus is malware which watches what the computer is doing and is banking-account aware. In the USA, there is no protection for business accounts against this crime. A valid request to transfer (mainly wire transfers) is a valid request, in their eyes. The bank does not care if it was from the legitimate user, or the criminal.

Meantime, yesterday we took one of those phone calls from India where the caller said “I’m from Microsoft Technical Support, and we are calling to inform you that we have detected a virus on your computer.”


TrueCrypt WTF

May 30, 2014

TrueCrypt always had a great reputation. Like others who have reported on this, I haven’t the foggiest idea about what is going on. But the “news” to me, which I had not appreciated, is that the developers are anonymous. Golly. Had I known that I would have paid no attention to TrueCrypt.

See Bruce Schneier at TrueCrypt WTF.