Published On: August 30th, 2012

Aid for Financial Institutions Impacted by Java Vulnerability

Leadfusion extends aid to financial institutions struggling to respond to the latest serious Java security threat.

Leadfusion, a pioneer in Financial Experience Management® (FEM), today announced a special Rapid Replacement Program to help qualified financial institutions (FIs) manage the liability created by the recently disclosed serious Java vulnerability.

On August 27th, the United States Computer Emergency Readiness Team (US-CERT), a part of the Department of Homeland Security, announced a broad vulnerability in Java. US-CERT’s advisory said, “This vulnerability is being actively exploited in the wild, and exploited code is publicly available,” saying further, “We are currently unaware of a practical solution to this problem.”

Leadfusion has joined other industry experts in advising financial institutions running Java-based consumer tools on their websites to remove them immediately. These typically include consumer calculators, planners, and other interactive tools. “The liability and exposure is simply too great for financial institutions to ignore,” said Jeff Scime, Vice President of Solution Delivery for Leadfusion. Mr. Scime went on to add, “This is not the first time client-side Java technology has created security problems for FIs, but it appears to be one of the most serious.”

At the same time, consumers are being advised to immediately disable Java on all popular browsers including Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari. As a result, consumers that have disabled Java and later visit FI websites to research new products will be greeted with error messages. For FI’s affected by this vulnerability the liability and exposure risks are compounded by the loss of in-market consumers to other institutions.

Leadfusion’s broad offering has never used Java and is not subject to this type of vulnerability. With the announcement from US-CERT, financial institutions running this type of Java tool face the difficult choice of immediately removing important website functionality or continuing to use it and risking open ended liability and reputation damage.

Leadfusion is extending aid to the industry as it navigates this new threat with several resources. To assist FIs that are using Java-based tools, Leadfusion is offering a special free hotline for FIs to determine if they are indeed subject to this vulnerability. FI’s can reach the Leadfusion hotline by calling (877)591-0764, where they will have direct access to a technician that will scan their website and provide details on their vulnerability.

In addition, for FIs that are vulnerable, Leadfusion has created a special Rapid Replacement Program. The Rapid Replacement Program couples a fast track implementation with a core set of replacement tools to minimize risk and interruption. Leadfusion’s Rapid Replacement Program allows FIs to quickly and easily eliminate their risk from this threat. Leadfusion’s Rapid Replacement Program is the best proactive response to this threat available today.