October 13, 1995
Web posted at: 8:10 a.m. EDT
From Correspondent Susan Reed
BERKELEY, California (CNN) -- Researchers at the University of California at Berkeley say there is no such thing as secure banking on the Internet. In light of security problems, they've found bank customers might be better off standing in line.
"We're attacking the software that's trying to provide you security and breaking it in a silent way so you can't detect it," said Pal Gaulthier, a Berkley graduate student and part of a team that has issued a warning about Internet banking.
Your computer tells you you're secure. At the same time, someone else has access to your files and any credit card numbers.
This basic flaw on the Internet is not new, but is gaining attention because of the growing amount of commerce on the World Wide Web. Netscape had to withdraw and improve its software when the Berkeley researchers proved it was insecure.
"We love the notion of harnessing all of their energy to help us make our software more and more secure," said Michael Homer of Netscape Communication Inc.
Like Netscape, many believe security is evolutionary. But this basic flaw makes it possible to put programs on the Internet that just pull in credit card numbers. It's possible for criminals to collect hundreds or even thousands of credit card numbers off the Internet. But the future of computerized banking is in even greater danger. Presently you can only check your balance on the Internet, but banks would like to use on-line banking to transfer funds.
"If someone manages to break the security and read your authorization code, they can then pose as you and use that authorization code to transfer a thousand dollars from your account to their account," said Ian Goldberg a member of the Berkeley research team.
Banks are taking it slowly.
"We're worrying, too. That doesn't mean that over time, there won't be adequate security," said Dudley Nigg of Wells Fargo Bank.
Right now, experts say the best defense is to not download programs from the Internet and use software that checks the safety of programs.
![[Imagemap]](/TECH/images/tech_nav.gif)
Copyright © 1995 Cable News Network, Inc.
ALL RIGHTS RESERVED.