Vast Majority of US Bank Websites Pose Security Risk to Users Says Study

   7/28/2008 |  7/28/2008 |  2 Comments
Category: Security
The Internet Patrol default featured image
Share the knowledge

A recently released study conducted at the University of Michigan has found that as many as 75% of all bank websites have security flaws which pose a security risk to customers who visit the website.

Now, this is different from phishing, etc., for which banks are known targets.

This is you going to your own bank’s website, and just by visiting the site, having your computer or your personal data – or both – compromised.

According to Atul Prakash, the University of Michigan professor who oversaw the study, “To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” although no names were named.

Perhaps even worse is that these are, as Prakash points out, design flaws. Not bugs. Not holes that have been hacked in by hackers. It’s how the websites were designed!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

The three biggest problems were

  • The use of insecure pages (http: instead of https:) where users might input their password
  • Allowing weak user IDs and passwords that are easily guessable
  • Emailing sensitive information via the site

    • What does this mean for you, the user? Well first, to be hypervigilant when using your bank’s website – make sure you are on a secure page, or don’t send sensitive information. And make sure that you have a strong password, that includes upper- and lowercase letters, and numbers.

    Get New Internet Patrol Articles by Email!

    The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

    CashApp us Square Cash app link

    Venmo us Venmo link

    Paypal us Paypal link

     

    More from the Internet Patrol:

    How to Cancel, Deactivate, and Delete Your Canva Account Following the Canva Breach
    Nearly 100 Arrests Worldwide in Blackshades RAT (Remote Access Tool) Sting
    The Cognizant Breach: What You Should Know About Maze Ransomware Attacks
    Tesla: Data Security Hell on Wheels?
    Twitter Competitor Mastodon - the New Open Source Social Network - Explained
    How to Protect Yourself or Your Business from Ransomware in 2 Steps
    The Story of CTRL + ALT + DEL: How these Shortcut Keys Became Famous
    UK Government Silently Intensifying Controversial Web Surveillance Measures

    Share the knowledge

    2 thoughts on “Vast Majority of US Bank Websites Pose Security Risk to Users Says Study

    2. “The use of insecure pages (http: instead of https:) where
      users might input their password”

      Perhaps a nit, BUT … the pages on which the username and
      login feels are displayed and into which the user types
      their information DO NOT need to be https. (They should be,
      but it’s purely for psychological reasons.) It’s the pages
      that are *then* referenced by the input form’s action that
      *must* be https. Sadly it’s frequently not at all easy to
      tell if they are even if the data entry page is https.

      I have an article coming up on that shortly on Ask Leo! –
      http://ask-leo.com/12587 will be accessible after 7/30/2008.

      -Leo

      Reply

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.