• Top Banks Suffering from Multiple Vulnerabilities

    Solid financial institutions are the cornerstone of any successful economy. These institutions need to maintain the highest levels of security to protect sensitive customer data from becoming prey to malicious interests. Given the fact that these giants of industry have emergency response and security teams and that they spend hundreds of thousands of dollars a year on everything from general IT infrastructure to buying a plethora of security products. It is surprising to see that these top banks and financial institutions are not as locked down and airtight as one should expect.

    We at StopTheHacker.com have conducted a study to ascertain if these top financial institutions are really secure or not. The findings, including a graphical summary, are also available in a PDF report attached at the end of this article.

    Security Level of Top US Financial Institutions in 2009
    Security Level of Top US Financial Institutions in 2009

    The results were astonishing: 13 out of 14 websites had at least one critical vulnerability. In more detail, we highlight some key results below:

    1. On average, there are 1.5 critical security issues in each financial institution
    2. On average, there are 1.2 important security issues in each financial institution
    3. On average, there are 7.9 general security issues in each financial institution
    4. The highest company valuation in total assets does not correlate to the highest security
    5. The financial institution in our set with the least valuation had zero critical security holes

    The identified vulnerabilities are very serious: critical security issues/holes are widely seen as major security concerns by security experts, and security standards.

    The most prevalent vulnerability among all of those discovered, allows a hacker to spawn what is known as a shell, more commonly known as the command-prompt, and thereby remotely executing harmful commands on the web server. Other vulnerabilities range from major Cross Site Scripting (XSS) vulnerabilities, which can enable hacker to steal credentials of website visitors, to a plethora of concerns with various software installations used on these systems.

    For more information, please feel free to contact us.

    • […] banks on the fact that most websites are weak and can be easily compromised. In fact even the top 15 financial institutions have vulnerabilities. This article describes a relatively new trick that malware developers are using to avoid detection […]

      Posted by Web-Malware faking Norton – stopthehacker.com – Jaal, LLC on January 18th