Web Browser Insecurity and Online Banking

Bruce Schneier this morning linked to a new paper titled "Understanding the Web browser threat: Examination of vulnerable Web browser populations and the insecurity iceberg" by researchers from Google Switzerland and IBM Internet Security Systems. The conclusion of the article, based upon an extensive analysis of Google log data, is that 637 million users globally (45.2% of the total) "were not using the most secure web browser version".

Bankers with online banking web sites will find this paper of interest. It might trigger some thoughts with respect to steps an online bank might take based upon examining the online banking user's browser version and, if seriously old and exposed, to suggest that to the user that they really need to upgrade to avoid potential vulnerabilities.

For example, 37signals, a provider of online project management and collaboration tools, announced today that it would no longer support users running Internet Explorer 6 and below starting next month. They did it because of browser/design compatibility issues but PayPal's recently made comments about taking similar steps because of security vulnerabilities in older browsers.