Navy Federal Credit Union Web Site Operating with Security Issue
Online banking users are hopefully aware of the need to log in to their bank's web-based system using secure means, such as via a web site protected using SSL encryption. (Editor's Note: "Yeah Right!" SSL encryption is flawed... as is the more supposedly advanced "EV SSL" encryption. (see my posts on the subject below) Zusman and Sotirov have also demonstrated that the same flaw can be leveraged to launch browser cache poisoning attacks against EV SSL protected web sites. Both attacks can cause significant exposure and silently expose "encrypted" ... They say it is, heck there was the https, then the SSL and after those were all breached they came up with EV SSL. Well, what's next? How about just realizing that hackers will get past any security you can come up with... unless it's done ...
Every legitimate bank offers such protection, normally disallowing customers the ability to log in via unsecure means. But not every bank appears to be conscious of the myriad of potential security risks associated with their site. Navy Federal Credit Union is plagued by a huge security vulnerability on their web site and is possibly the easiest bank on which to perform a phishing expedition.
Jul 08, 2009 Extended Validation (EV) SSL is considered by all to be more secure than SSL: Calls for widespread EV SSL implementation are on the rise as SSL Extended Validation Secure ... threats increase. Two years after its rollout, the "more secure"
Updated – August 12, 2009: Added correspondence from the RSA Anti Fraud Command Centre and SliceHost Support regarding a take-down notice and trademark infringement claim. This little article has apparently generated some interest and visibility by an NFCU “security” contractor.
Updated – August 15, 2009: The saga appears to have come to an end as the RSA AFCC responds to SliceHost after TechMiso stipulates the content was not infringing. The attack dogs are ostensibly caged for now.