Majority of Banking Websites Found Insecure
August 3, 2008 | 7:48 pm | by t-blender |Rate It:
yahoo tech: A new study from the University of Michigan has found that more than 75 percent of banking websites are not completely up to snuff when it comes to security.
The study looked at 214 financial institution websites and focused on both design flaws and improper security practices. None of these flaws represent catastrophic security issues, but many could allow for easier access to your password and user name should a malicious hacker come calling.
The flaws studied included the following:
Insecure Login System
Nearly half of the banks examined had “secure” login systems on insecure web pages which did not use the SSL protocol. Failure to use SSL, the study says, allows for the possibility of an attack that would allow for the interception of login details if a user was accessing the site wirelessly, called a “man in the middle” attack. The study notes that most banks secure the internal portions of their site, but many leave the login page unsecured.
Putting Contact Info on an Insecure Page
The biggest flaw of the bunch (55 percent failing the test): A similar attack to the above could simply let a hacker change the phone number listed on the contact info page, redirecting customers to a phony call center ready to snap up their user name and password.
No comments yet.