Friday, August 21, 2009

Ameriprise website security: Fly-by-night operation

Ameriprise, one of the larger financial investment companies, did not patch major security flaws on its investment site for at least five months. Russ McRee notified Ameriprise Financial several times, but none of his emails were answered. The flaws Mr. McRee discovered could be exploited even by lesser-skilled attackers, ultimately putting Ameriprise customers and users at risk. One of the flaws allowed for sending Ameriprise customers bona fide links to the Ameriprise website that opened pages intermingling counterfeit content with legitimate text and graphics.

I can only think of one case that tops this "fly-by-night" operation, and this is ISH/UnityMedia, a cable company in Germany that actually replied to emails complaining about spam coming from their network with the comment "Just configure your Anti Spam software, this is not our problem".

Seems like irresponsibility is on the rise.

Read the article: Security bugs crawl all over financial giant’s website

1SSA - Security Consulting, Training and Products