Most Bank Websites are Insecure

  • Bigwebmaster
  • Site Admin
  • Site Admin
  • User avatar
  • Posts: 9090
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Quote:
More than three-quarters of bank Web sites have design flaws that could expose bank customers to financial loss or identity theft, according to a University of Michigan study that will be presented this week at the Symposium on Usable Security and Privacy.


http://www.informationweek.com/newslett ... =209600041

You can find the actual study here:

http://cups.cs.cmu.edu/soups/2008/proce ... 17Falk.pdf

Kind of scary to know that banks aren't taking more care to protect your information. I am actually kind of surprised they aren't doing more.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

One thing I don't like about my online bank is they don't enforce periodic password changes. I do it on my own for my own safety, but my old bank (before they were bought out) forced password change every quarter.
  • George L.
  • Bronze Member
  • Bronze Member
  • George L.
  • Posts: 2209
  • Loc: Malaysia

Post 3+ Months Ago

This is an amazingly important news, thanks for posting.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Then you have Limbo 2
http://www.intology.com/computers-inter ... bank-data/

Quote:
According to an internet security company Prevx, they have discovered the most sophisticated trojan yet released that steals bank data. The trojan in question is called Limbo 2.


Quote:
Limbo 2 is so advanced that it offers its own cryptor that obfuscates the trojan, making it virtually impossible to detect. It costs US $1300 and so far it has been able to bypass anti-virus software.


Quote:
It also has a unique technique to steal bank information. It can inject a code into a live banking site. If you log into a bank, it is able to hijack your connection and adds an extra field into the page. That extra field then harvests the user’s personal information. This is a very organized and cataloged trojan.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Not to mention the recent scare over weaknesses in the DNS system.
  • righteous_trespasser
  • Scuffle
  • Genius
  • User avatar
  • Posts: 6230
  • Loc: South-Africa

Post 3+ Months Ago

I haven't ever used online banking, and this makes me afraid to use it a little bit ...
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8411
  • Loc: USA

Post 3+ Months Ago

righteous_trespasser wrote:
I haven't ever used online banking, and this makes me afraid to use it a little bit ...

Same here... I would manually go to the bank and hope they are trustworthy with the information
  • spork
  • Brewmaster
  • Silver Member
  • User avatar
  • Posts: 6252
  • Loc: Seattle, WA

Post 3+ Months Ago

I *always* use online banking. I have accounts with two different banks, both of which I manage online, and I manage my credit card online as well. It's too damn convenient to not do so.

I figure if anyone ever "steals my identity", they get to inherit my student loans and an insignificant amount of cash, so they don't totally win and I don't totally lose, lol
  • George L.
  • Bronze Member
  • Bronze Member
  • George L.
  • Posts: 2209
  • Loc: Malaysia

Post 3+ Months Ago

I only use one online banking from one local Bank. This thread reminded me I should be changing my password for security. I've never changed it since more than a year.
  • Truce
  • Guru
  • Guru
  • Truce
  • Posts: 1477
  • Loc: Washington DC

Post 3+ Months Ago

ATNO/TW wrote:
Then you have Limbo 2
http://www.intology.com/computers-inter ... bank-data/


Prevx = Desperate.

Honestly, I wouldn't believe this exists anymore than I believe any of the hyped up one-touch hacking programs exist...which isn't much.

Besides, there's no way such a piece of code would go for as little as $1300. Collecting the cash would be too risky for it to be worth it. Instead, it'd probably go for somewhere in the realm of $13,000,000 assuming it does what it's described to do. Really though, this is a ploy to get script kiddies to hand over their first paycheck thinking they're going to have control of their bank.

Post Information

  • Total Posts in this topic: 10 posts
  • Users browsing this forum: No registered users and 82 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.