Technology news and Jobs 
Information Technology News Majority of online banking sites insecure by design
Information Technology News Majority of online banking sites insecure by design | Majority of online banking sites insecure by design |
|
| by Davey Winder | |
| Friday, 25 July 2008 | |
|
Page 2 of 2 The United States Federal Deposit Insurance Corporation, in a recent Technology Incident Report that was
compiled using data from the suspicious activity reports filed
quarterly by banks themselves, lists a total of 536 cases of computer
intrusion. In 80 percent of these, while the source remains unknown,
the intrusion took place during online banking sessions.It would be possible, they say, to use a wireless connection to perform such a man-in-the-middle attack without ever changing the bank URL as far as the end user is concerned. Prakash says that the solution is as simple as ensuring that such pages are designed to use standard secure socket layer (SSL) protocol wherever sensitive information is being collected. Sadly while some pages will be secured like this, the survey found that only a minority applied the measure to all pages. "The research is notable as many of the site flaws are structural in nature" Geoff Sweeney, Chief Technology Officer with security outfit Tier-3 told us, continuing "Short of many of the site operators designing their portals from the ground up, it's likely there is no short-term fix." Sweeney is looking forward to how the paper is received today, telling us "Some banks are reported to have reworked their sites as a result of the team notifying them of their problems, but I suspect that many will take time to change their portals."
Get stories like this delivered daily - FREE - subscribe now
|
Tags
| < Next story in category | Previous story in the category > |
|---|
