• Found a massive exploit in local bank & biggest online paying system in the Netherlands & reported
Hey everyone, I recently found a huge exploit in a paying system that is used in the Netherlands, called iDeal. Due to this exploit it's possible to, for example, buy a product that costs x amount of money and have 0,00 be transferred from your account. The iDeal system then says the payment was a success. I've reported this exploit to the local bank, and I know it was the right thing to do (Could be used for example to transfer 1000000000000000000 to your Paypal via iDeal and not pay a single dime). But I wonder: What would Facepunch have done? So I made a poll. What would you have done if you got your hands on this exploit? Would you buy a shit ton of Bitcoins for 0,00$ and run away as a billionaire? Or would you, like me, report it with a tiny chance of a reward/public attention? [I]PS: I'm not sharing any information on this exploit, nor how this is performed or when this can be used. All information is secret and none will be released to the public before it is 100% fully patched.[/I]
Where's the option for "Would use it for a while and then report it and hope they don't notice"
[QUOTE=BFG9000;47476264]Where's the option for "Would use it for a while and then report it and hope they don't notice"[/QUOTE] Dude, the Bahamas are way cooler
Getting the FBI on YOUR ASS is not fun at all! Reporting it is the only ethically-sound thing to do!
[QUOTE=Biohazard99;47476282]Getting the FBI on YOUR ASS is not fun at all! Reporting it is the only ethically-sound thing to do![/QUOTE] Exactly my thought - plus even though there may be no reward, good karma is worth something. [sp] hope they give me money those bastards [/sp]
I'd have either used it to get some free stuff like a filing cabinet and a better desk and then reported it hoping nobody noticed, sold it for a high price as an exploit, or informed them hoping there's a cash reward. Literally a third split on how hard it is to decide what I'd do.
[QUOTE=Siemz;47476296]Exactly my thought - plus even though there may be no reward, good karma is worth something. [sp] hope they give me money those bastards [/sp][/QUOTE] good karma doesn't buy you a yacht
Exploiting something like this could easily backfire on you. It's best you reported it, even if free shit seems cool.
Maybe I'm a greedy bastard but... [i]why not do it and retire if you were smart enough to figure it out?[/i]
I would report it the moment I found it. Yes, I'm boring.
[QUOTE=Dave_Parker;47476328]Should've reported it to team high-tech crime, could've landed a job. Plus it would be fixed sooner[/QUOTE] The bank has its own advanced team. They even require the exploit to be reported PGP encrypted :)
Did you actually try this or does it only work [I]theoretically[/I]? Kind of hard to believe iDeal would not check for stuff like this (Most likely tamper data?)
I'm not a fan of having the FBI's whole fist violently being shoved up my butthole, so I'd report it.
Yeah no this is serious shit, I'd report. [editline]7th April 2015[/editline] [QUOTE=J!NX;47476369]good karma doesn't buy you a yacht[/QUOTE] The Cops aren't too keen on buying people Yachts either :v:
depending on the bank's reward policy for bug reports I'd either report it or sell it
[QUOTE=rakker;47476452]Did you actually try this or does it only work [I]theoretically[/I]? Kind of hard to believe iDeal would not check for stuff like this (Most likely tamper data?)[/QUOTE] Checked it & nothing to do with that; it has something deeper and worse.
tbh i wouldn't have even posted this thread after reporting usually once you report they don't want you to discuss it at all, even the very existence of it
I'd have reported it without a doubt, maybe you'll get something for reporting something that could be used to abuse something as huge, as this?
I would've donated the money.. then they couldn't have got it back, plus it goes to a good cause!
um saying there is an exploit is pretty much sharing information about it, you're saying it exists.
I'd buy one or two things then report it and hope they don't reverse the two purchases. No way this would go unnoticed for any significant period of time, and exploiting it could get you into tons of shit.
Just buy a couple of things and when they tell you about you not paying a single dime then start acting surprised and stupid. You might get to keep the stuff.
I don't know much about law, but I know the number one way to get in really, really deep shit is to fuck with banks.
I highly doubt that it's possible and forgetting about it instead of reporting it is much better, let someone else get in trouble and not you.
Good thing none of us here on Facepunch know programming or how to search for exploits. Brb.
The problem with using the exploit is that the moment you do, you're on a ticking timebomb. Part of the FBI's whole purpose is to catch and arrest people who screw around with the economy in such a way. Even if you were to just use it to buy something benign and inexpensive, say a stick of gum? The FBI would have no problem locking you away because you just HAD to have some gum. Even with this "Buy something for nothing" exploit, I am sure the transaction is still logged. And once the bank has found out about it, alongside whoever may have done it, they will have no qualms with calling up Uncle Sam to do sick sick things to you!
I'd have honestly sold that exploit to people who could have used it for a decent price. I probably sound awful saying that, but I sure as hell couldn't have run it without getting the FBI on my ass and I'd feel I was due a decent profit. Alternatively, if I had the skills to discover that, sent it to the FBI or equivalent that could lead me into a job.
I'd report it anonymously. People have gotten into deep shit for merely reporting security issues before. No, thanks.
last time i reported an exploit i regretted it forever and also got banned for reporting it.
As someone who's lived in the Bahamas for 9 years. Do not run there, the place really fucking sucks.