Majority of banking websites found insecure

Fri Aug 1, 2008 1:41PM EDT


A new study from the University of Michigan has found that more than 75 percent of banking websites are not completely up to snuff when it comes to security.

The study looked at 214 financial institution websites and focused on both design flaws and improper security practices. None of these flaws represent catastrophic security issues, but many could allow for easier access to your password and user name should a malicious hacker come calling.

The flaws studied included the following:

Insecure Login System

Nearly half of the banks examined had "secure" login systems on insecure web pages which did not use the SSL protocol. Failure to use SSL, the study says, opens the door to a "man in the middle" attack, in which login details could be intercepted if a user was accessing the site wirelessly. The study notes that most banks secure the internal portions of their site, but many leave the login page unsecured.

Putting Contact Info on an Insecure Page

The biggest flaw of the bunch (55 percent failing the test): An attack similar to the one above could let a hacker change the phone number listed on the contact info page, redirecting customers to a phony call center ready to snap up their user name and password.

Redirecting Outside the Bank Without Warning

When users are directed to third party services (like, say, bill payment sites), the bank doesn't warn them of the change. A user may not know if what he's seeing is trustworthy or not.

Using Social Security Numbers or Email Addresses as User IDs

These are simple things to guess or find out, especially email addresses. Banks should allow users to create a custom user name, as well as have a policy on weak passwords, but 28 percent of banks tested did not.

Emailing Secure Information Insecurely

Things like password resets and financial statements should be sent securely: Passwords, for example, should never be sent as plain text, yet 31 percent of banks failed this test.

The full study (10 pages, PDF link) can be reviewed here. Specific sites failing the various tests were not revealed. Also note that the study was performed back in 2006 (the results are only being published now), so things may have improved since the original analysis.


