NYT Website Outage Exploit Could Easily Affect Bank Websites

Image

For the several hours that the New York Times’ went digitally dark Tuesday, bankers would have been smart to pay attention.

The exploit is common and virtual thieves have been employing the tactic since domain registrars changed website information after being prompted by a fax.

”If your registrar uses single factor authentication, you are just as vulnerable” as the NYT is, a source told me. “If that [registrar] gets pilfered, every single domain name that is associated with that username and password is vulnerable to that same attack.”

Indeed, banks are no more safe or unsafe than any other company that does business on the net.

Financial services companies are completely at the whim of their vendor’s security standards.

And it’s as easy as finding out the domain registrar of Bank of America.

You see, if MarkMonitor Inc. is allowing its users to login online using only a username and password, the bank is screwed.

Guess what? 

markmonitor

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s