Vast Majority of US Bank Websites Pose Security Risk to Users Says Study


A recently released study conducted at the University of Michigan has found that as many as 75% of all bank websites have security flaws which pose a security risk to customers who visit the website.

Now, this is different from phishing, etc., for which banks are known targets.

This is you going to your own bank’s website, and just by visiting the site, having your computer or your personal data - or both - compromised.

According to Atul Prakash, the University of Michigan professor who oversaw the study, “To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” although no names were named.

Perhaps even worse is that these are, as Prakash points out, design flaws. Not bugs. Not holes that have been hacked in by hackers. It’s how the websites were designed!

The three biggest problems were:

  • The use of insecure pages (http: instead of https:) where users might input their password
  • Allowing weak user IDs and passwords that are easily guessable
  • Emailing sensitive information via the site

What does this mean for you, the user? First, be hypervigilant when using your bank’s website: make sure you are on a secure page, or don’t send sensitive information. And make sure that you have a strong password that includes upper- and lowercase letters, and numbers.

    2 Comments »

    1. “The use of insecure pages (http: instead of https:) where
      users might input their password”

      Perhaps a nit, BUT … the pages on which the username and
      login fields are displayed and into which the user types
      their information DO NOT need to be https. (They should be,
      but it’s purely for psychological reasons.) It’s the pages
      that are *then* referenced by the input form’s action that
      *must* be https. Sadly it’s frequently not at all easy to
      tell if they are even if the data entry page is https.

      I have an article coming up on that shortly on Ask Leo! -
      http://ask-leo.com/12587 will be accessible after 7/30/2008.

      -Leo

      Comment by Leo — 7/28/2008 @ 6:29 pm

    2. The Sony bank sites sell your information

      Comment by lenins5 — 8/1/2008 @ 8:08 am
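
As an added example (not from the article, the study, or either comment): a small Python check for the first flaw in the article's list and for the form-action point raised in Leo's comment. It parses a login page, resolves where each password form submits, and reports whether the page itself or the submit URL is plain http; the function names, issue strings and bank.example pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordFormFinder(HTMLParser):
    """Collect the resolved submit URL of every <form> holding a password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = self.base = page_url  # <base href> may override base
        self._action = None    # action of the open form; None outside a form
        self._has_pw = False
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base = urljoin(self.page_url, a["href"])
        elif tag == "form":
            self._action, self._has_pw = (a.get("action") or "").strip(), False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                # An empty action submits back to the page's own URL.
                self.targets.append(
                    urljoin(self.base, self._action) if self._action else self.page_url)
            self._action = None

def audit_login_page(page_url, html):
    """Return [(submit_url, [issues])] for each password form in html."""
    finder = PasswordFormFinder(page_url)
    finder.feed(html)
    finder.close()
    results = []
    for target in finder.targets:
        issues = []
        # HTML fetched over http can be altered in transit, form action included.
        if urlsplit(page_url).scheme != "https":
            issues.append("login page not served over https")
        if urlsplit(target).scheme != "https":
            issues.append("credentials submitted over http")
        results.append((target, issues))
    return results

# Constructed sample pages; bank.example is a placeholder host.
FIELD = '<input type="password" name="p"></form>'
HTTPS_ACTION = '<form action="https://secure.bank.example/auth">' + FIELD
HTTP_ACTION = '<form action="http://bank.example/auth">' + FIELD
RELATIVE_ACTION = '<form action="/auth" method="post">' + FIELD
```

Password fields that sit outside any `<form>` and are submitted by script are not covered by this check.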

     This article first appeared on 7/28/2008
    The Internet Patrol