Taishin mobile statement actually goes over http - Information Security

By Candice
at 2019-02-04T22:19
※ [This article is reposted from the creditcard board #1SLdkJkU ]
Author: bignoob (有我嫩嗎) Board: creditcard
Title: [Discussion] Taishin mobile statement actually goes over http
Time: Sun Feb 3 13:26:36 2019
First of all, I think
a credit card statement should be an extremely private thing.
It contains: name, last 4 digits of the card number, last month's transaction details, credit limit, auto-debit account, and so on.
Last month, while registering for a promotion, I accidentally signed up for Taishin Bank's "mobile statement" promotion.
Signing up by mistake is fine; you can cancel it in the PC version of Taishin online banking. Cancellation steps:
https://www.ptt.cc/bbs/creditcard/M.1539620480.A.D8C.html
But when I received this mobile statement, I felt it was not OK.
The mobile statement URL has the following format:
http://bhurecv.taishinbank.com.tw/taishin_ba/OnlineBill.aspx?v=XXX&u=XXX
v=
u=
are the two parameters.
After clicking through, you enter your national ID number and can see the statement.
But
But
But
Taishin actually uses the http protocol.
The http protocol is not encrypted; anything you send and any response can easily be intercepted in transit.
It doesn't matter if the v and u parameters in the URL become known,
but your national ID number is also sent in the clear over the network!!!
Many browsers already warn you when you transmit private personal information over http.
Taishin doesn't know that???
Anyone who signed up, switch back to the e-statement quickly.
This mobile statement has actually been in use for over a year.
Over a year! Taishin has spent a whole year sending statement information out over http.
Nobody noticed?
Don't understand how serious http is?
Or ?_?
--
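As an added illustration (not code from the post or from the bank), this is the check a browser effectively performs before it warns: parse the statement page, resolve where each form submits, and flag sensitive fields that would travel over plaintext http. It also speaks to the later comments that POST is enough and that serving https is the fix: a POST over http is still flagged, and an https page without HSTS is noted. The page body is constructed, with the post's XXX placeholders kept; the field-name list and the HSTS check are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed list of field-name fragments that should never be submitted over plaintext http
SENSITIVE = ("id", "ssn", "pass", "pwd", "card", "acct", "account")


class _FormCollector(HTMLParser):
    """Collect each <form> with its action, method and input names."""

    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "method": (a.get("method") or "get").upper(), "fields": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def audit(page_url, html, headers=None):
    """Return findings for a page that would expose sensitive fields in transit."""
    hdrs = {k.lower(): v for k, v in (headers or {}).items()}
    scheme = urlsplit(page_url).scheme
    parser = _FormCollector()
    parser.feed(html)
    findings = []
    if scheme == "http":
        findings.append("page served over http: query parameters and statement body are readable in transit")
    for form in parser.forms:
        target = urljoin(page_url, form["action"])  # relative actions inherit the page scheme
        sensitive = [n for n in form["fields"] if any(k in n.lower() for k in SENSITIVE)]
        if sensitive and urlsplit(target).scheme == "http":
            # The method does not matter: a POST body over http is just as readable as a GET query
            findings.append(f"{form['method']} to {target} sends {sensitive} in plaintext")
    if scheme == "https" and "strict-transport-security" not in hdrs:
        findings.append("https without HSTS: a first visit typed as http can still be downgraded")
    return findings


# Constructed sample modelled on the link in the post (XXX placeholders kept)
BILL_URL = "http://bhurecv.taishinbank.com.tw/taishin_ba/OnlineBill.aspx?v=XXX&u=XXX"
BILL_HTML = '<form method="post" action="OnlineBill.aspx"><input name="IdNo"><input type="submit"></form>'
```

Running `audit(BILL_URL, BILL_HTML)` yields two findings: the page itself is plaintext, and the ID-number form posts to a plaintext target.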
Tags:
Information Security
All Comments

By Dora
at 2019-02-06T22:31

By Kelly
at 2019-02-08T22:42

By Hedda
at 2019-02-10T22:53

By Jake
at 2019-02-12T23:04
The mobile statement is super bare-bones and on port 80 too, a gaping hole.

By Victoria
at 2019-02-14T23:15

By Regina
at 2019-02-16T23:26
My first thought was that it was a scam; a bank actually still using http, pretty scary.

By Cara
at 2019-02-18T23:38

By Valerie
at 2019-02-20T23:49

By Heather
at 2019-02-23T00:00

By Anonymous
at 2019-02-25T00:11

By Thomas
at 2019-02-27T00:22

By James
at 2019-03-01T00:33

By Rebecca
at 2019-03-03T00:45

By Hedy
at 2019-03-05T00:56

By Ivy
at 2019-03-07T01:07

By Madame
at 2019-03-09T01:18

By Queena
at 2019-03-11T01:29

By Bethany
at 2019-03-13T01:40

By Eartha
at 2019-03-15T01:52
Hey, why would this get fined by the FSC? Just curious ^^

By Linda
at 2019-03-17T02:03

By George
at 2019-03-19T02:14

By Charlotte
at 2019-03-21T02:25

By Bennie
at 2019-03-23T02:36

By Hamiltion
at 2019-03-25T02:47

By Kelly
at 2019-03-27T02:59

By Frederic
at 2019-03-29T03:10

By Franklin
at 2019-03-31T03:21

By Selena
at 2019-04-02T03:32

By Gilbert
at 2019-04-04T03:43

By Emma
at 2019-04-06T03:54

By Valerie
at 2019-04-08T04:06

By Gary
at 2019-04-10T04:17

By Andy
at 2019-04-12T04:28

By Edith
at 2019-04-14T04:39

By Erin
at 2019-04-16T04:50

By Yedda
at 2019-04-18T05:01

By Suhail Hany
at 2019-04-20T05:13

By Adele
at 2019-04-22T05:24

By Suhail Hany
at 2019-04-24T05:35

By Dinah
at 2019-04-26T05:46

By Damian
at 2019-04-28T05:57

By Donna
at 2019-04-30T06:08

By Oscar
at 2019-05-02T06:20

By Linda
at 2019-05-04T06:31

By Bennie
at 2019-05-06T06:42
LOL

By Daniel
at 2019-05-08T06:53

By Christine
at 2019-05-10T07:04

By Daniel
at 2019-05-12T07:15
…data to the credit card department for review, that bug can't be fixed

By Hedda
at 2019-05-14T07:27

By Hedwig
at 2019-05-16T07:38

By Kama
at 2019-05-18T07:49
…then it won't be intercepted

By Lauren
at 2019-05-20T08:00

By Joseph
at 2019-05-22T08:11

By Agnes
at 2019-05-24T08:22

By Hardy
at 2019-05-26T08:34

By Charlotte
at 2019-05-28T08:45
telnet

By Kristin
at 2019-05-30T08:56

By Agnes
at 2019-06-01T09:07
…will be intercepted, that is wrong

By Catherine
at 2019-06-03T09:18

By Adele
at 2019-06-05T09:29

By Poppy
at 2019-06-07T09:41

By Rosalind
at 2019-06-09T09:52

By Hardy
at 2019-06-11T10:03

By Rachel
at 2019-06-13T10:14

By Una
at 2019-06-15T10:25
…that kind of bank app and you'll see

By William
at 2019-06-17T10:36
…, posting here?

By Madame
at 2019-06-19T10:48

By Carolina Franco
at 2019-06-21T10:59

By Eartha
at 2019-06-23T11:10

By Rosalind
at 2019-06-25T11:21
…number? Kids' education in the internet age still can't wait.

By Frederica
at 2019-06-27T11:32
…personal data
These are two totally different things, forced together

By Blanche
at 2019-06-29T11:43
For viewing basic statement info, there doesn't seem to be any need for https… Should we also do two-step verification for you just to look at a statement?

By Frederica
at 2019-07-01T11:55

By Vanessa
at 2019-07-03T12:06

By Edith
at 2019-07-05T12:17
…df sent over

By Sandy
at 2019-07-07T12:28

By Brianna
at 2019-07-09T12:39

By Valerie
at 2019-07-11T12:50

By Isla
at 2019-07-13T13:02

By Yedda
at 2019-07-15T13:13

By Caroline
at 2019-07-17T13:24
Just don't normally connect through other people's equipment (wifi hotspots, proxies). Previously at…

By Andy
at 2019-07-19T13:35

By Daniel
at 2019-07-21T13:46

By Thomas
at 2019-07-23T13:57

By Xanthe
at 2019-07-25T14:09

By Caroline
at 2019-07-27T14:20
Just serve https, what a fuss

By Skylar Davis
at 2019-07-29T14:31

By Bethany
at 2019-07-31T14:42

By Linda
at 2019-08-02T14:53

By Liam
at 2019-08-04T15:04

By Noah
at 2019-08-06T15:16

By Faithe
at 2019-08-08T15:27

By Audriana
at 2019-08-10T15:38

By Sierra Rose
at 2019-08-12T15:49
…him?

By Regina
at 2019-08-14T16:00

By John
at 2019-08-16T16:11

By Annie
at 2019-08-18T16:23
…review report

By Kelly
at 2019-08-20T16:34

By George
at 2019-08-22T16:45

By Harry
at 2019-08-24T16:56

By Tristan Cohan
at 2019-08-26T17:07

By Lauren
at 2019-08-28T17:18
Sensitive data still has to be sent via POST

By Lydia
at 2019-08-30T17:30
y

By Erin
at 2019-09-01T17:41

By Hedy
at 2019-09-03T17:52
Who cares? You don't mind anyway, right?

By Sierra Rose
at 2019-09-05T18:03

By Poppy
at 2019-09-07T18:14

By Hardy
at 2019-09-09T18:25

By Victoria
at 2019-09-11T18:37

By Vanessa
at 2019-09-13T18:48
They fixed it pretty fast; feels like they do take security seriously, or at least they take user feedback seriously. Everyone can check whether their own statement has been fixed~

By Emily
at 2019-09-15T18:59

By Hedda
at 2019-09-17T19:10