42

So my marketing dept requested us to perform a SQL injection on someone's bank account. I refuse to do it.

1. Most banks no longer use relational databases, they use something like a NoSQL database.

2. Even if the bank uses a relational database system, I assume their security must be high, validating my session maybe...

3. I am not going to do shit like this for illegal purposes, well this task sounds super illegal to me

4. Hacking is not a part of my job description. I was hired to be a Senior Fullstack Mobile App Developer.

This is screwed up!

Comments
  • 8
    @UnicornPoo I live in Malaysia. I know this is illegal, I have been telling them that I am not going to do it.
  • 8
    Dafuq they trying to do, inject a few zeros in their bank account?
  • 7
    @C0D4 he called me to perform an injection to a customer's bank account to deduct 500MYR as a service.

    It is absurd, I know...
  • 11
    Well you said you were working for a scammer two days ago. So this should not be a surprise. I do wonder why marketing has something to do with this "service". Anyway make sure you get it in writing and add it to your dossier.
  • 9
    (Send an anonymous tip to the police)
  • 18
    @johnmelodyme Even if you could perform an SQL injection on that bank account, you'd have to fiddle around to deduce the precise table names, and even after doing so, it would just make the client poorer, but not the company richer...

    It clearly seems the guy who asked you to do that just watched a video about SQL injections and thought that it could be useful without knowing anything about how or why/when it works.
  • 9
    @hjk101 I launched a report to the authority, but no reply.
  • 8
    Get out of there asap. Even if you're not doing it, you could be framed as someone who is (or framed for something much worse, they sound shady as anything.)
  • 7
    1. Most banks no longer use relational databases, they use something like a NoSQL database.

    ???
  • 2
    If your local authority won’t listen there must be a banking regulator or someone. You need to cover your arse pronto, not to mention put them out of action.
  • 9
    That company will throw you under the bus. Possibly literally.
  • 5
    @myss Yeah I've done some work for two banks, and NoSQL would be uncommon, at least in their backoffice backends.

    One of them had been using IBM DB/2 and Fortran since 1985, the other one OracleDB with Delphi.

    Both had websites made with angular/react, Java web backends, and modern smartphone apps -- but the actual account balance was stored in ancient systems.
  • 1
    @Nanos there are still legal ways to do that
  • 4
    "most banks use nosql database"

    WRONG
  • 3
    @johnmelodyme I recommend using firebase to do that sql injection wink wink (inside joke)! Seriously though, maybe you should move away. It’s like everyone you were with wanted you to build the Taj Mahal within a weekend or some other weird shady black market thing
  • 1
    @TeachMeCode Firebase ....hahahaha
  • 0
    @fullstackchris In my country, yes
  • 1
    @johnmelodyme well, it seems like totally the wrong tool for structured financial data, but what do I know
  • -1
    Malaysia? Pls hack KWSP...haha
  • 0
    @syedakmalcode No I'm not going to have MCMC knock on my door.
  • -1
    @johnmelodyme I kid of coz 🤣
  • 1
    As others have said, the very act is illegal, but for such a hack to work you need to know all about the bank's system, how transactions are logged, what integrity controls they have.

    Remember, most banks already assume someone with system access will try to game the system so they most likely do not trust their own people ;)

    Unless you know exactly what to change and where and possibly even when they will notice and restore the account.
  • 1
    I know I'm a little late in this thread, but please report these people to HR and then the most local cybersecurity agency near you, if this is serious. Our government doesn't take this lightly, and neither should you. See something, say something.