[Owasp-ireland] Banks scramble to fix mobile app security flaws

Laurent Benameur Sauvaire laurentbenameur at gmail.com
Mon Nov 8 15:14:08 EST 2010


Come on, what's in the article really?

Correct me if I'm wrong but if phones are giving away the content of their memory when a malicious website is visited, then I'd first question the security of the phone instead of bragging about discovering big names' flaws (not that I like them).

Storing clear text passwords is definitely odd, but one would investigate the exploitability of those things to assess a potential risk, isn't it?

Rgds,
Laurent.


On 8 Nov 2010, at 11:57, fabio.e.cerullo at aib.ie wrote:

> 
> A number of top financial companies and banks such as Wells Fargo & Co., Bank of America Corp. and USAA are rushing out updates to fix security flaws in wireless banking applications that could allow a computer criminal to obtain sensitive data like usernames, passwords and financial information. 
> 
> The central problem is that the apps, which run on Apple Inc.'s iPhone and Android-based devices from Google Inc., are storing a user's information in the memory of a cellphone, a basic lapse that the security researcher who found the flaws said could allow a cybercriminal to access a person's financial accounts. 
> 
> Read more: http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html?mod=googlenews_wsj 
> 
> Thanks, 
> 
> Fabio
