Online Bank Security Worsens
Banks' online security is getting worse as they rush to offer services online,
according to new research.
This year's Annual Security Report from NTA Monitor, a security testing firm,
found that 20 percent more security vulnerabilities turned up in the
infrastructures of banks, building societies and other financial institutions
compared with last year's report. The survey covers networks, applications and
By comparison, a month ago NTA reported that the security of U.K.
organizations in general improved year-on-year. Thirty-two percent of U.K.
organizations tested had critical vulnerabilities that are widely known and
exploited, compared to 61 percent in 2006.
Meanwhile, financial organizations tested positive for an average of three
more vulnerabilities in the 2007 survey, NTA said.
A common category was buffer overflows in BIND running on DNS servers, which
could allow an attacker to gain access to the server.
Another common problem was expired SSL certificates, which force users to
acknowledge that they know the certificate is invalid before they can access the
NTA technical director Roy Hills said the increase in security problems is
due to growing pressure on financial organizations to go online. "Whilst this
extra accessibility is of benefit to many customers, at the same time it can
increase the exposure to external attacks," he said in a statement.
Among NTA's recommendations are to ensure SSL certificates are always renewed
on time, to change default settings on Apache in order to avoid
denial-of-service attacks, and to keep up to date with patches.
Matthew Broersma, Techworld