I love articles like this because I work for a bank!
The local media loves to do these types of articles and I love them for it. Why? Because they have no clue what they're doing so we always look great.
- They never chase links so they never test our online banking systems or our online account opening sites, which are on separate servers from the brochureware home page.
- They never check DNS configurations to see if we have CAA, SPF, DKIM, or DMARC records deployed.
- They never check to see if we allow DNS zone transfers from arbitrary IP addresses, not only revealing systems publicly that we don't want the world to know about but that also allows us to be used in DDoS attacks.
- They never check the robots.txt files to see if we're using them as a form of security through obscurity.
- They never check email DNS records to see if we have over one million IP addresses listed in our SPF record because of Office 365 usage. Or are using +all in it.
- They never use a real website testing service like observatory.mozilla.org so The Big D does not show on sites that SSL Labs rates as an A: https://observatory.mozilla.org/analyze.html?host=santander.com
Keep up the good work, folks!
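
The SPF check the comment above describes (an authorized range of over one million addresses, or `+all`), as an added example that is not part of the original comment. The records, domain names and the `audit_spf` helper are constructed for illustration; it reads a local dictionary instead of live DNS and counts only `ip4` mechanisms, following `include`.

```python
import ipaddress

# Constructed sample data (not real records): domain -> SPF TXT string.
SAMPLE_TXT = {
    "bank.example": "v=spf1 ip4:198.51.100.0/24 include:mail.vendor.example -all",
    "mail.vendor.example": "v=spf1 ip4:10.0.0.0/12 ip4:203.0.113.7 ~all",
    "open.example": "v=spf1 mx +all",
}
LIMIT = 1_000_000  # threshold taken from the comment's "over one million"

def _collect(domain, txt, seen, nets, findings):
    """Walk a record and its includes, gathering pass-qualified ip4 ranges."""
    if domain in seen:  # include loop guard
        return
    seen.add(domain)
    record = txt.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        findings.append(f"{domain}: no SPF record")
        return
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if qualifier != "+":
            continue  # only pass-qualified mechanisms authorize senders
        if name == "all":
            findings.append(f"{domain}: +all authorizes every sender")
        elif name == "ip4":
            nets.append(ipaddress.ip_network(value, strict=False))
        elif name == "include":
            _collect(value, txt, seen, nets, findings)

def audit_spf(domain, txt=SAMPLE_TXT):
    """Return (authorized IPv4 address count, list of findings)."""
    nets, findings = [], []
    _collect(domain, txt, set(), nets, findings)
    # Collapse overlapping ranges so shared addresses are counted once.
    total = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    if total > LIMIT:
        findings.append(f"{domain}: {total} IPv4 addresses authorized")
    return total, findings

if __name__ == "__main__":
    for d in ("bank.example", "open.example"):
        print(d, audit_spf(d))
```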