[ISN] Online bank security worsens

From: InfoSec News (alerts@private)
Date: Thu Jun 14 2007 - 23:25:54 PDT


http://www.techworld.com/security/news/index.cfm?newsID=9162

By Matthew Broersma
Techworld
14 June 2007

Banks' online security is getting worse as they rush to offer services online,
according to new research.

This year's Annual Security Report from NTA Monitor, a security testing firm,
found that 20 percent more security vulnerabilities turned up in the
infrastructures of banks, building societies and other financial institutions
compared with last year's report. The survey covers networks, applications and
systems.

By comparison, a month ago NTA reported that the security of UK organisations in
general improved year-on-year. Thirty-two percent of UK organisations tested had
critical vulnerabilities that are widely known and exploited, compared to 61
percent in 2006.

Meanwhile, financial organisations tested positive for an average of three more
vulnerabilities in the 2007 survey, NTA said.

A common category was buffer overflows in BIND running on DNS servers, which
could allow an attacker access to the server.

Another common problem was expired SSL certificates, which force users to
acknowledge that they know the certificate is invalid before they can access the
site.

NTA technical director Roy Hills said the increase in security problems is due
to growing pressure on financial organisations to go online. "Whilst this extra
accessibility is of benefit to many customers, at the same time it can increase
the exposure to external attacks," he said in a statement.

Among NTA's recommendations are to ensure SSL certificates are always renewed on
time, to change default settings on Apache in order to avoid denial-of-service
attacks, and to keep up to date with patches.

