mastodon.ar.al is one of the many independent Mastodon servers you can use to participate in the fediverse.
This is my personal fediverse server.

Aral Balkan

This is an actual email from an actual Irish bank.

How these muppets aren’t hacked on a daily basis is beyond me.

(Note: this was in response to me telling them that no, I won’t be sending you private bank statements over unencrypted email, thank-you-very-much.)

*smh*

@aral They are a total joke. They get credit card numbers over the phone. They can't even open an account in a timely manner. Everything is a struggle with Irish banking. And they are probably confused why Revolut is too big now.

@fsniper Yeah. The incompetence is mind boggling.

@aral I wish they would send their high level executives to Turkish banks for a week's collaboration. So that they could see how things could be better. Not saying getting unsafe practices but their good practices.

@fsniper But then we’d just end up with all our details in Erdoğan’s hands, no? :)

@aral Considering banking, aren't they already? They have these data sharing agreements.

@aral that's..... that's quite something

@aral Good lord.

What is it with banks and fundamental security flaws? This is up there with "put your banking app on the same smartphone that has the 2FA app".

@aral @Sevoris Bank of Ireland's banking app is its 2FA app also!

@eibhear @aral @Sevoris THIS! It makes me go nuts! And managers at most freaking banks think that is how it's done! I work in the finance industry and can tell anecdotally that most are actively working on integrating 2FA into their banking app - because all neo-banks do it that way... and it reduces maintenance efforts by X%... sometimes I wish to be a person without morale and blackhat the shit out of this idiocy

@buddhaha @eibhear @aral Good lord that's… what the heck. Argh.

@Sevoris you forgot those with "no need for a separate 2FA, we've integrated that with our main app", right? 🤦‍♂️ @aral

@buddhaha oh gosh, one of those indeed… Apply for 2 credits then with them, the second one should be covered by the first, no? @Sevoris @aral @eibhear

@aral "Please write all your confidential information onto a postcard and post it to this address. We promise we'll take good care of it and treat the data very securely if and when it ever arrives..." 😬

@nigenet Almost exactly what I told them in the email that this was in response to.

@aral ask for their gpg fingerprint so you can encrypt the information before sending it 😂

@skribe The BOI security team are so hardcore they don’t need encryption.

@skribe If someone intercepts a message, Colm from IT tracks them down and gives them a good smack upside the head.

@aral it doesn’t surprise me… That reminds me I should check if the government finally found someone for the highest infosec position in the country. Ah yes, in 2022 after 18 months…

@aral BoI is a shit show. I have no idea how their CTO still has a job

@aral What a coincidence. I'm studying security and considering moving to Ireland. Maybe I can get contract work helping banks develop sane practices.

@Alephwyr @aral
... if they WANT help at all!
Seems like they have no idea whatsoever.

@Alephwyr That would require them to acknowledge they have a problem first :)

Good luck with the move + let me know if there’s anything I can help with from here.

@aral So not surprising. Welcome to the real tech-world where cosplaying engineers and Synergy Gregs run the show.

@aral they are being targeted for phishing with alarming frequency TBH

@aral

The illusion of email being a secure medium is staggering. The other day I had the HR dept where I work ask me to send bank statements and SIN equivalent through the mail. A while back I had a foreign embassy ask me to send birth and citizenship documentation via email.

Stunning.

I think it's mainly down to the illusion of "everyone uses email, so it must be safe".