Major Banking Sites Place Customers at Risk
Robert McMillan writes on InfoWorld:
Online bank customers may want to pay a little more attention to their browsers the next time they log in, because many of the most popular banking sites in the U.S. may be needlessly placing their customers at risk to online thieves, a noted security researcher warned Thursday.More here.
At issue are the user login areas that can be found on banking sites such as Chase.com and Americanexpress.com, which ask users to submit their user ID and password information. Although these forms may be encrypted, they do not use authentication technology to prove they are genuine, according to Johannes Ullrich, chief research officer at the SANS Institute.
A more secure approach would be to force users to log in on a HTTPS (HyperText Transport Protocol Secure) Web page. HTTPS pages use the SSL (Secure Sockets Layer) security protocol, which not only encrypts the information on the page but also provides digital certificates to give assurance that the Web site in question is genuine.
0 Comments:
Post a Comment
<< Home