Solve : Vast Majority of US Bank Websites Pose Security Risk to Users

1.	Solve : Vast Majority of US Bank Websites Pose Security Risk to Users Says Study?
Answer» http://tinyurl.com/59nuwn A recently released study conducted at the University of Michigan has found that as many as 75% of all bank websites have security flaws which pose a security risk to customers who visit the website. Now, this is different from phishing, etc., for which banks are KNOWN targets. This is you going to your own bank’s website, and just by visiting the site, having your computer or your personal data - or both - compromised. According to Atul Prakash, the University of Michigan professor who oversaw the study, “To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” although no names were named. Perhaps even worse is that these are, as Prakash points out, design flaws. Not bugs. Not holes that have been hacked in by HACKERS. It’s how the websites were designed! The three biggest problems were # The use of insecure pages (http: instead of https:) where users MIGHT input their password # Allowing weak user IDs and passwords that are easily guessable # Emailing sensitive INFORMATION via the site What does this mean for you, the user? Well first, to be hypervigilant when using your bank’s website - make sure you are on a secure page, or don’t send sensitive information. And make sure that you have a strong password, that includes upper- and lowercase letters, and numbers. I can only judge by my own on line banking but - some while ago they set up a two level sign-in - all under a secure socket umbrella so - hopefully reasonable secure. I'd not want to be using one without this I must say. Not good if some banks do not follow good SSL and encription practice.Any bank that doesn't use a secure page for the log in has to be insane, however I'd assume that most of the banks with flaws are city/state town banks and not large world-wide/country-wide banks.Quote from: Broni on August 01, 2008, 06:01:37 PM http://tinyurl.com/59nuwn That URL isn't working. Quote from: Broni on August 01, 2008, 06:01:37 PM # The use of insecure pages (http: instead of https:) where users might input their password Does anyone know of a bank that uses insecure logon pages? If there are any, it would surely be a small local bank SOMEWHERE, and I find even that very difficult to believe. Personally i've never seen one... They'd have to be lazy or incompetent...or both.

Solve : Vast Majority of US Bank Websites Pose Security Risk to Users Says Study?

Answer» http://tinyurl.com/59nuwn

A recently released study conducted at the University of Michigan has found that as many as 75% of all bank websites have security flaws which pose a security risk to customers who visit the website.

Now, this is different from phishing, etc., for which banks are KNOWN targets.

This is you going to your own bank’s website, and just by visiting the site, having your computer or your personal data - or both - compromised.

According to Atul Prakash, the University of Michigan professor who oversaw the study, “To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” although no names were named.

Perhaps even worse is that these are, as Prakash points out, design flaws. Not bugs. Not holes that have been hacked in by HACKERS. It’s how the websites were designed!

The three biggest problems were
# The use of insecure pages (http: instead of https:) where users MIGHT input their password
# Allowing weak user IDs and passwords that are easily guessable
# Emailing sensitive INFORMATION via the site

What does this mean for you, the user? Well first, to be hypervigilant when using your bank’s website - make sure you are on a secure page, or don’t send sensitive information. And make sure that you have a strong password, that includes upper- and lowercase letters, and numbers.
I can only judge by my own on line banking but - some while ago they set up a two level sign-in - all under a secure socket umbrella so - hopefully reasonable secure.

I'd not want to be using one without this I must say. Not good if some banks do not follow good SSL and encription practice.Any bank that doesn't use a secure page for the log in has to be insane, however I'd **assume** that most of the banks with flaws are city/state town banks and not large world-wide/country-wide banks.Quote from: Broni on August 01, 2008, 06:01:37 PM

http://tinyurl.com/59nuwn

That URL isn't working.

Quote from: Broni on August 01, 2008, 06:01:37 PM

# The use of insecure pages (http: instead of https:) where users might input their password

Does anyone know of a bank that uses insecure logon pages? If there are any, it would surely be a small local bank SOMEWHERE, and I find even that very difficult to believe. Personally i've never seen one...

They'd have to be lazy or incompetent...or both.

Solve : Vast Majority of US Bank Websites Pose Security Risk to Users Says Study?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment