iTWire - Majority of online banking sites insecure by design

IT&T JOBS|Discussion forum|Releases|Technology Events|IT News for mobile|

Today on iTWire iPhone IT News Telecommunications People Our Blogs Tech Lifestyle Science Sustainability

Live Technology Events - Training - Forums - Summits

Technology news and Jobs

Information Technology News

Majority of online banking sites insecure by design

Majority of online banking sites insecure by design

PDF

E-mail

by Davey Winder
Friday, 25 July 2008
Page 1 of 2 ! That is the surprising conclusion of a University of Michigan study which discovered that more than 75 percent of bank sites surveyed had at least one flaw which could make customers vulnerable to financial or identity loss. The findings, which will be presented today at a Symposium on Usable Privacy and Security meeting at the Carnegie Mellon University, suggest that these are design flaws that cannot be fixed with a simple patch... Professor Atul Prakash from the Department of Electrical Engineering and Computer Science at the University of Michigan, along with doctoral students Laura Falk and Kevin Borders, looked at a total of 214 online financial institutions while undertaking the study. None expected to find that such a large number of them would be vulnerable to potential data and identity theft. Professor Prakash says that "To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country." While focusing on those users who attempt to be careful in their online banking, Prakash found that "unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking." The problem being that these are not simple programming errors. It is not the kind of code glitch that can be patched up and put right with the application of a digital sticking plaster. Instead, Prakash argues that they fundamental flaws which stem from the flow and layout of the web pages themselves. The kind of thing that the report authors are talking about include the placing of login boxes as well as contact information on insecure pages, for example. Or how about a simple failure to keep the user within the boundaries of the actual site they initially visited? Flaws, the study suggests, that "leave cracks in security that hackers could exploit" in order to gain access to private information and accounts. Where are the banks going wrong and what can be done to protect the end user? Read on for more from Professor Prakash... CONTINUES << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

Cleartext offers MessageLabs clients incentives to switch

Simms Exclusive Distributor of Cygnett MP3 Accessories

Pitney Bowes MapInfo Launches New Version of AnySite

db4o First Database in the Industry to Support Optimized LINQ on the Compact Framework

...Promote yourself here

Latest jobs

Product Manager
Test Analyst
Project Manager
Systems Administrator - 6m + 6m
Applications Architect - Financial Services
K2 Workflow Developer
Billing Analyst
Security Systems Engineer - 80K package
Network Engineer
Business Analyst

Visitors last 30 days
Suscribers

904,266
13,751

#1 independent technology news advertise here

Subscribe to our free e-newsletter

Today on iTWire