Leader: Not another security scare...
Should we just accept that 'shit happens'?
The latest security scare to hit the news involves internet bank Cahoot. A 'concerned customer' discovered a way to log-in to other customers' accounts and a number of drop-jawed commentators, including customers of the bank, prompted by the BBC, have hit out at how shocking the discovery is.And it is. One security expert who saw the evidence and the technique in question was forced to comment: "It was so very simple it is likely it fell below the radar of the hackers."
Amazingly, like a wide open door, the would-be criminals walked right on by assuming 'it can't be that easy'.
It's not a security strategy we would advise but amazingly for all the people out there looking to hack bank accounts, they missed this one - all but the one 'concerned customer' who it would seem is something of a serial would-be 'flaw' finder. According to Abbey, though, this is the first time his concerns have actually been justified.
There are those who sit out there in their bedrooms removing bits of URLs, changing them and replacing them, hitting their 'back' button and hoping to chance upon a discovery.
Whether the customer in this instance falls into this category is unclear but the Abbey certainly seemed to be suggesting he didn't just stumble upon this as a one-off, 'what were the chances?' discovery.
Still everybody needs a hobby and it is often individuals such as this who do bring flaws to the attention of major companies, even if that is perhaps not their sole magnanimous reason for hunting them out - a little publicity and the obligatory 15 minutes to which we are all entitled never hurts.
The BBC went big on the story, including drop-jawed footage of a Cahoot customer who stood and witnessed the reporter access her bank account.
"Close the account," said the woman, suggesting that had suddenly moved to the top of her 'to do' list.
But what has really changed? Tomorrow Cahoot will still have roughly the same number of customers. After all, can anybody really remember if the company they are thinking of switching to has or hasn't been hit with similar problems?
There's a famous statistic which reveals we are more likely to change our spouse than our bank. As such, debate is almost pointless. Cahoot will have learned from its mistake. Those responsible will have been rapped on the knuckles and the nature of the blunder will be painfully embarrassing for all involved.
Of course, it's as well the flaw was raised and it's as well that it has been remedied, but there is an inevitable 'shit happens' attitude where such things are concerned nowadays - which is not to say such apathy is right, but it certainly pervades.