Thursday, March 22, 2012

Security of most banking sites does not conform to U.S.


The vast majority of banking sites in the United States endanger their users due to defects in the security system, through which attackers can learn passwords, users, reports The Register.





According to research specialist, University of Michigan in 75 % of the sites of financial institutions found, at least one similar flaw.





The study was presented last Friday at a symposium at Carnegie Mellon University. The author surveys, professor Atul Prakash, said he was surprised by the presence of flaws in the security system site of the largest banks in the country. Moreover, these deficiencies were found at the design level, and are not mistakes made when building a website.





The researchers found that the authorization dialog boxes are located on unprotected pages, that allows third party to intercept the user's password. Contact information is also located on page unprotected, allowing the attacker to change the data entered by the user. Also, experts noted the lack of notification when the user is redirected to the site outside the banking domain, resulting in a user does not know whether to trust this site. In addition, many sites allow you to use e-mail address as login and did not impose requirements for passwords. Some sites send users passwords and other valuable information via e-mail.





Research staff of the University of Michigan, embracing 214 financial institutions, was conducted in 2006. On more recent data is not mentioned.





net. compulenta. ru.

No comments:

Post a Comment