Ameriprise one of the larger financial investment companies did not patch major security flaws on their investment site for at least five months. Russ McRee notified Ameriprise financial several times but none of his emails were answered. The flaws Mr. McRee discovered allowed even lesser skilled attackers to exploit those vulnerabilities and ultimately bring customers/users of Ameriprise at risk. One of the flaws allowed for sending Ameriprise customers bona fide links to the Ameriprise website that opened pages that intermingled counterfeit content with legitimate text and graphics.
I can only think of one case that tops this "fly-by-night" operation and this is with ISH/UnityMedia a cable company in Germany, that actually replied to emails complaining about Spam coming from their network with the comment "Just configure your Anti Spam software, this is not our problem".
Seems like irresponsibility is on the rise.
Read the article: Security bugs crawl all over financial giant’s website
1SSA - Security Consulting, Training and Products
skip to main |
skip to sidebar
Solutions that protect your assets and people in a changing world
The latest news around Information Security from various sources.
Solutions that protect your assets and people in a changing world
Who is reading
Search This Blog
Security News Digest
Posts
Subscribe Email
Digg & Twitter
 |
Blog Archive
-
▼
2009
(44)
-
▼
August
(13)
- What is cloud computing?
- Infected websites on Google &Yahoo
- SMS based 2-factor authentication not that secure?
- Ameriprise website security: Fly-by-night operation
- Radisson joining the club of credit card victims
- Data of over 130 Million Credit Cards stolen
- 111,000 bogus Antivirus products found in Q1 2009
- eVoting - Not ready for prime time
- Cookies for the feds?
- US government cybersecurity bigwigs leaving
- Analysis on Twitter DDoS
- Updated: Twitter taken down by distributed denial ...
- Hacking the hacker - fake ATMs in Las Vegas
-
▼
August
(13)
Disclaimer
Links to third party Web sites on this Site are provided solely as a convenience to you. If you use these links, you will leave this Site. 1SSA has not reviewed all of these third party sites and does not control and is not responsible for any of these sites or their content. Thus, 1SSA does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to this Site, you do this entirely at your own risk.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.