Monthly Archives: February 2013

Gigant Social Media Security Hole in Banking

Did you know that you can log into an American online banking service from outside the US, using only your Facebook log-in credentials? Well, now you do. And so does about a million criminal hackers from around the world…

“That’s the very, very, very risky thing about social networks. The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”

Dr. Ken Baylor

shawshank-1

Facebook and access to millions of people through a single social login process . All customers right there on the platform. And aid in registering and creating new online accounts. This “dream of a bank marketer’s” may soon turn into a horrible nightmare for the decision makers in the international banking industry.

I have suspected for a while that this may be the case:

But, last week it was confirmed through an article written by the banking industry itself and published on their own website, AmericanBanker.com.

image_17Not the fact that some banks have already started to allow users to access their bank accounts with a Facebook account as the only form for identification, but the fact that any breach of security that a user encounters on social networks could potentially spread to that person’s online bank account, and from there, leak into to highly connected global system of online banking.

According to vice president at information security research and advisory company NSS Labs. Dr. Ken Baylo, the social networking as an authentication factor have “just proven to be highly susceptible to malware, multiple times.”

Additionally. many unsophisticated users wouldn’t think twice about clicking on a malicious link, making it particularly enticing for criminals hackers.

“That’s the very, very, very risky thing about social networks,” says Dr. Ken Baylor.

“The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”

“Banks outside the US are starting to allow direct access to online banking through Facebook and that’s where there should be a concern about Facebook hacking,”  says Nicole Sturgill, research director in the cards and retail banking practice at CEB Towergroup.

“Facebook should be used as a gateway to online banking, but there should be an extra layer of security. No one should be able to log in to online banking with nothing but their Facebook ID and password,” Nicole Sturgill says.

Most banks in the US, though, are still  just using Twitter and Facebook for marketing and customer service messaging, rather than as a portal to online banking.

In addition to Facebook, banks are also planning to allow people to tie their bank accounts directly to Twitter.

“The benefits, for us, outweigh the potential risk,” says King.

“The fact is that Facebook’s login platform is still magnitudes more robust than most Internet banks.”

FULL POST @ RATIONAL ARROGANCE

3 Comments

Filed under International Econnomic Politics, Laws and Regulations, National Economic Politics, Technology

Microsoft Confirm: We’ve Been Hacked, too

We are not surprised, Microsoft writes in a statement released friday afternoon.  Quite frankly, neither am I…

As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.” 

Microsoft Security Response Center

hack-the-planet

When trying to log on to my online banking service this morning, I was met by a message that said that the service was down due to technical problems. It may, or may not, be related, but somehow I got a feeling it perhaps was more to this story than met my sleepy eyes.

And I really hate to tell you; I might be right.

On the Microsoft security pages, I found the following statement, issued on Friday afternoon:

As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

The IT giant goes on explaining:

 During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations.

Microsoft also says that the company has “no evidence of customer data being affected and our investigation is ongoing.”

Personally, I don’t find these standard press release statements very reassuring

In fact, I find the following line more interesting:

This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries.

Compared to the banking industry‘s attempts to convince me that online banking is totally safe, it seems rather clear that they are not telling me everything…

Here’s the prior analysis of emerging threat trends by Microsoft.

(Full statement)

4 Comments

Filed under International Econnomic Politics, Laws and Regulations, Technology

Who said anything about a cyber war?

Comments Off on

Filed under International Econnomic Politics