Wired Campus: U. of Michigan Researchers: Bank Web Sites Open to Cyberthieves

Search The Site

Opinion & Forums
The Chronicle Review Commentary Forums Live Discussions

Careers
News & Advice My Career homepage Search jobs by position type by discipline/field by state/region by institution Tools & Resources Employer Profiles

Multimedia

Leadership Forum

Technology Forum

Resource Center

Campus Viewpoints

Services
Help Contact us About The Chronicle Subscribe Day pass Manage your account Advertise with us Rights & permissions Employment opportunities

Get the latest headlines each day:
Wired Campus e-newsletter | RSS

In the Comments

You have to learn to let go. The idea that books, magazines, databases or any form of information source can and should be kept for perpetuity is laughable. Items in a library need to be weeded and space is the major reason why. I know all of you want to keep your precious books, and I do to. But who’s going to pay for it, you?... — the other me

Library Protesters to Ohio State U.: Digital's OK, but Save Our Books!

<script language="JavaScript1.1" src="http://ad.doubleclick.net/adj/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?"> </script> <noscript> <a href="http://ad.doubleclick.net/jump/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?"><img src="http://ad.doubleclick.net/ad/wiredblog.che/;abr=!ie;abr=!aol;sz=250x250,300x250;ord=?" width="300" height="250" border="0"></a> </noscript>

Wired Campus Writers

Josh Fischman
Internet issues, new technology, security, computing

Jennifer Howard
libraries, publishing

Sara Lipka
piracy, student technology use

Marc Parry
distance education, security, the technology marketplace

Jeffrey R. Young
video, audio, how technology is changing scholarship and teaching

Need more tech news?
Read our complete IT section.

Categories

July 24, 2008

U. of Michigan Researchers: Bank Web Sites Open to Cyberthieves

More than three-quarters of bank Web sites are insecure, leaving their customers vulnerable to having their money stolen online or their identities compromised, according to a report by researchers at the University of Michigan at Ann Arbor. The report, to be released Friday at a computer-security and -privacy conference at Carnegie Mellon University, is based on an examination of 214 bank Web sites in 2006.

Among the problems the researchers identified were the following:

° Secure login boxes on insecure Web pages. A hacker could reroute data entered in the boxes or create a spoof copy of the page to harvest financial information.

° Putting contact data and security advice on insecure pages. An attacker could change an address or phone number and set up his own call center to gather private data from customers.

° Easily guessed user IDs and passwords. Some sites used Social Security numbers or e-mail addresses as user IDs.

“To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” Atul Prakash, a professor of electrical engineering and computer science at Michigan, said in a prepared statement.—-Andrea L. Foster

Posted on Thursday July 24, 2008 | Permalink |

Comments

Leslie Charteris got it right: “The castle with the most imposing drawbridge is usually guarded at the back door by a small sign reading ‘No admittance.’”

— Dan Jul 25, 08:26 AM #
What questions should I be asking my bank in order to ascertain if the banks I use have secure or insecure web pages?

— RJG Jul 31, 08:58 PM #

Commenting is closed for this article.

Previous: U. of Illinois to Set Tuition for New Online Programs
Next: Cellphones May Endanger Your Health, Pitt Cancer Center Director Warns His Staff

Home | Chronicle Careers | The Chronicle Review