Bank of India: We’re back - with pop-ups
September 5th, 2007 by Juha-Matti, Filed under: Commentary, Virus, Corporate Security
The Web site of Bank of India is up and working again after the very serious attack last week.
From the pop-up generated by
www.bankofindia.com/home/startpage.asp
SITE HAS BEEN RESTORED AFTER MAKING IT SAFE FOR CUSTOMERS TO VISIT WITHOUT WORRY!!!!!
NOTICE
In reference to our RFP BOI/HO/IT/FIS/1 dated 1.8.2007for providing Financial Inclusion solution the due date for submission of the bid is extended upto 8th September 2007
But after the delay of some seconds the following error message appeared (Safari in use:)
Server Error in ‘/’ Application.
The resource cannot be found
Description: HTTP 404
Requested Url: /home/OpinionPoll/opinionpoll.aspx
On Monday 3rd Sep the format of main page URL was different:
www.bankofindia.com/home/index.asp
generating a 404 today.
Since last Saturday they have shared the following statement without information about Trojan/spyware risks:
This site is under temporary maintenance till further notice.
Kindly bear with us
BTW: Their online banking system Star Connect uses pop-ups as well.
-
Find security holes before hackers do. Sign up for a Vulnerability Assessment now!
Subscribe
Subscribe
If I had any issues like this with my bank i’d switch banks so quick its not funny.
To most security experts this will seem extremly unacceptable as can be seen by missenlinx’s post.
However I have been working with IT security in India and internationally for quite a while now.
Having Bank and other high sensitive websites with SQL Injections, Remote VNC and other blatant vulnerabilities are not rare.
In my opinion it would be harder to compromise most cheap hosting servers as opposed to Indian Banks and Corporates.
–
Yash Kadakia
not working