Online banking users are hopefully aware of the need to login to their banks web-based system using secure means, such as via a web site protected using SSL encryption. Every legitimate bank offers such protection, normally disallowing customers the ability to login via unsecure means. But not every bank appears to be conscious of the myriad of potential security risks associated with their site. Navy Federal Credit Union is plagued by a huge security vulnerability on their web site and is possibly the easiest bank on which to perform a phishing expedition.
Updated – August 12, 2009: Added correspondence from the RSA Anti Fraud Command Centre and SliceHost Support regarding a take-down notice and trademark infringement claim. This little article has apparently generated some interest and visibility by an NFCU “security” contractor.
Updated – August 15, 2009: The saga appears to have come to an end as the RSA AFCC responds to SliceHost after TechMiso stipulates the content was not infringing. The attack dogs are ostensibly caged for now.
Recent Comments