21 December 2014

Cards and mobile

Adam Nybäck - Anyro

4Posts 24,546Views 32Comments

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...
A post relating to this item from Finextra:

Santander denies online banking hack

19 April 2011  |  12348 views  |  0
Santander has denied that cybercrooks have hijacked the online banking login page of its Alliance & Leicester unit.

Use of 3rd parties in online banking

21 April 2011  |  10232 views  |  0

It's certainly calming to know that Santander/A&L put the advanced-web-analytics.com script there intentionally. However, some people (including the customer who first noticed this issue) continue the discussion and question the 3rd party as well as Santander's use of it.

Some examples:

"Even if advanced-web-analytics is legit. I can't see the how polycache is legit. On some of the nodes it presents a cert for gate-logic.com, is hosted in a Linode VPS, is registered anonymously etc"

"Even if advanced-web-analytics . com is a legitimate site it is outside of bank infrastructure and can be compromised. I checked my Natwest login page and it also loads some scripts from advanced-web-analytics. As far as I can see this script does nothing harmful at the moment, but the point is it might in the future."

"Anonymous domain regs, VPS hosted accounts - all this adds up to the fact that even if Santander have not been compromised, they're so incompetent with their web security that no-one should trust them."

"Santander has relinquished control of parts of its "secure" site voluntarily to some shady looking characters. Regardless of whether or not there was a breach, it is not safe to do business with a company set up like this."

So what do you think? Is Santander and Natwest doing something they shouldn't?

And who is this anonymous 3rd party anyway?

TagsSecurityOnline banking

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Adam

Android NFC still not for payments

13 May 2011  |  3599 views  |  1  |  Recommends 0 TagsMobile & onlinePayments

Use of 3rd parties in online banking

21 April 2011  |  10232 views  |  0  |  Recommends 1 TagsSecurityOnline bankingGroupInformation Security

Santander UK online bank attacked

19 April 2011  |  6795 views  |  0  |  Recommends 0 TagsSecurityOnline bankingGroupInformation Security

What's wrong with the UK?

22 November 2008  |  3921 views  |  3  |  Recommends 0 TagsPayments

Adam's profile

job title System Developer
location Stockholm
member since 2008
Summary profile See full profile »
Self employed system development consultant in the payment card industry in Scandinavia.

Adam's expertise

What Adam reads
Adam writes about
Adam's blog archive
2011 (3)2008 (1)

Who is commenting on Adam's posts