BreachExchange mailing list archives
Fringe: e-banking not yet secure
From: macwheel99 () wowway com
Date: Thu, 24 Jul 2008 20:45:45 -0500
Security flaws plague majority of e-banking sites http://www.finextra.com/fullstory.asp?id=18764 Over 75% of banking Web sites contain fundamental design flaws that could put customers at risk from cyber thieves, according to a study (of 214 bank web sites)conducted by researchers at the University of Michigan. The flaws are not bugs that can be easily fixed with a patch, but are systemic, stemming from the flow and layout of the sites. 47% placed secure login boxes on insecure pages. 55% put contact information and security advice on insecure pages. Some banks use social security numbers or e-mail addresses as user IDs. 28% don't state a policy on passwords, or allow weak passwords. 31% e-mail passwords or statements to customers. 30% redirect customers to a site outside of the bank's domain for certain transactions without warning. http://www.finextra.com/fullstory.asp?id=18764 _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Fringe: e-banking not yet secure macwheel99 (Jul 24)
- Re: Fringe: e-banking not yet secure security curmudgeon (Jul 24)
- Re: Fringe: e-banking not yet secure Adam Shostack (Jul 25)
- Re: Fringe: e-banking not yet secure macwheel99 (Jul 25)
- <Possible follow-ups>
- Re: Fringe: e-banking not yet secure Thomas Raef (Jul 25)
- Re: Fringe: e-banking not yet secure security curmudgeon (Jul 24)