Blog article
See all stories »

An article relating to this blog post on Finextra:

Santander denies online banking hack

Santander has denied that cybercrooks have hijacked the online banking login page of its Alliance & Leicester unit.

See article

Use of 3rd parties in online banking

It's certainly calming to know that Santander/A&L put the script there intentionally. However, some people (including the customer who first noticed this issue) continue the discussion and question the 3rd party as well as Santander's use of it.

Some examples:

"Even if advanced-web-analytics is legit. I can't see the how polycache is legit. On some of the nodes it presents a cert for, is hosted in a Linode VPS, is registered anonymously etc"

"Even if advanced-web-analytics . com is a legitimate site it is outside of bank infrastructure and can be compromised. I checked my Natwest login page and it also loads some scripts from advanced-web-analytics. As far as I can see this script does nothing harmful at the moment, but the point is it might in the future."

"Anonymous domain regs, VPS hosted accounts - all this adds up to the fact that even if Santander have not been compromised, they're so incompetent with their web security that no-one should trust them."

"Santander has relinquished control of parts of its "secure" site voluntarily to some shady looking characters. Regardless of whether or not there was a breach, it is not safe to do business with a company set up like this."

So what do you think? Is Santander and Natwest doing something they shouldn't?

And who is this anonymous 3rd party anyway?


Comments: (0)

Adam Nybäck

Adam Nybäck

System Developer


Member since

08 Jan 2008



Blog posts




More from Adam

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all

Now hiring