Monday, August 11, 2008

Internet Banking, IDS/IPS and Application Security

I received highly-reliable reports that two large Philippine banks' online banking systems were compromised. A third bank's website got vandalized. I can't divulge the names of the banks but I'm just worried about it. With one of them I have a pending application for a card that I'm thinking of just not pushing through with.

One of the banks, I know, has expensive and sophisticated Intrusion Prevention Systems (IPS) in place, since I personally know their Information Security Officer and IS Auditors. But their "pride" took a beating at this latest problem of theirs.

I would like to point out that no amount of obscurity, Firewalls and IPS/IDS can ever compensate for a poorly designed online banking application.

Web application security is still not a hot topic here, yet a simple SQL injection attack can access confidential information there.
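To illustrate why the fix has to live in the application, here is an added example (not part of the original post, and not any bank's code) that puts a string-built query beside a parameterized one. The `accounts` table, its rows, and the function names are constructed for the illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table standing in for account data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, acct_no TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "0001", 1500), ("bob", "0002", 72000), ("carol", "0003", 310)],
    )
    return db

def lookup_vulnerable(db, owner):
    # Poor design: user input is pasted into the SQL text,
    # so the input can change the structure of the query itself.
    sql = "SELECT owner, acct_no, balance FROM accounts WHERE owner = '%s'" % owner
    return db.execute(sql).fetchall()

def lookup_parameterized(db, owner):
    # Application-level fix: the input is bound as a value and is
    # never parsed as SQL, whatever characters it contains.
    sql = "SELECT owner, acct_no, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

# Constructed input: the textbook tautology used to teach SQL injection.
CRAFTED = "x' OR '1'='1"

def demo():
    """Run both lookups with a normal and a crafted owner name."""
    db = make_db()
    return {
        "normal_vulnerable": lookup_vulnerable(db, "alice"),
        "normal_parameterized": lookup_parameterized(db, "alice"),
        "crafted_vulnerable": lookup_vulnerable(db, CRAFTED),
        "crafted_parameterized": lookup_parameterized(db, CRAFTED),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

With the string-built query the crafted input returns every row in the table; with the bound parameter it matches nothing, and that holds regardless of what network devices sit in front of the application.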


  1. OMG, can you PM me, I've been doing ebanking, this scares me!

  2. freeze, nothing to worry about except your money :P The bank absorbed everything just to not let anybody know about it. Reputational risk :(