Reply to post: Re: Sounds horribly complicated

Analysts apply Occam's razor to Tesco Bank breach

macjules Silver badge

Re: Sounds horribly complicated

Worrying about highwaymen and mail coaches is rather apt, Think Russia vs Democrat Party's mail servers.

I go with the 'payment system compromise' option as being the Occam's Razor argument for the most likely explanation with the least number of factors affecting that explanation. Security companies must have been warning Tesco for a good 9 years now that they were heading for a total meltdown in every single one of their online portals. Here's a few examples that I can recall off the top of my head:

  • In 2012 they were warned that using IIS6 with .Net1 for the online shopping payments system was not good for security
  • Likewise, sending customers plaintext emails with their password on 'I have forgotten my password' requests was bad.

  • Storing customers' credit card details in a plaintext cookie was wrong.

  • Redirecting customers back to an insecure (non SSL) page for payment conformation, despite showing the confirmation code from the payment portal, was wrong.

Sorry Tesco, but it looks like the vultures (excuse the ElReg pun) may have come home to roost.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020