12 February 2016

Cards and mobile

Adam Nybäck - Anyro

4Posts 25,982Views 35Comments

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...
A post relating to this item from Finextra:

Santander denies online banking hack

19 April 2011  |  13313 views  |  0
Santander has denied that cybercrooks have hijacked the online banking login page of its Alliance & Leicester unit.

Object reference not set to an instance of an object.

21 April 2011  |  11104 views  |  0

It's certainly calming to know that Santander/A&L put the advanced-web-analytics.com script there intentionally. However, some people (including the customer who first noticed this issue) continue the discussion and question the 3rd party as well as Santander's use of it.

Some examples:

"Even if advanced-web-analytics is legit. I can't see the how polycache is legit. On some of the nodes it presents a cert for gate-logic.com, is hosted in a Linode VPS, is registered anonymously etc"

"Even if advanced-web-analytics . com is a legitimate site it is outside of bank infrastructure and can be compromised. I checked my Natwest login page and it also loads some scripts from advanced-web-analytics. As far as I can see this script does nothing harmful at the moment, but the point is it might in the future."

"Anonymous domain regs, VPS hosted accounts - all this adds up to the fact that even if Santander have not been compromised, they're so incompetent with their web security that no-one should trust them."

"Santander has relinquished control of parts of its "secure" site voluntarily to some shady looking characters. Regardless of whether or not there was a breach, it is not safe to do business with a company set up like this."

So what do you think? Is Santander and Natwest doing something they shouldn't?

And who is this anonymous 3rd party anyway?


Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from

Adam's profile

job title System Developer
location Stockholm
member since 2008
Summary profile See full profile »
Self employed system development consultant in the payment card industry in Scandinavia.

Adam's expertise

What Adam reads
Adam writes about
Adam's blog archive
2011 (3)2008 (1)

Who's commenting on Adam's posts