Hackers who stole the personal details of more than 200,000 Citigroup customers 'broke in through the front door' using an extremely simple technique.
It has been called 'one of the most brazen bank hacking attacks' in recent years.
And for the first time it has been revealed how the sophisticated cyber criminals made off with the staggering bounty of names, account numbers, email addresses and transaction histories.
They simply logged on to the part of the group's site reserved for credit card customers - and substituted their account numbers which appeared in the browser's address bar with other numbers.
It allowed them to leapfrog into the accounts of other customers - with an automatic computer programme letting them repeat the trick tens of thousands of times.
That is really really really sad.
My Blog
Free Music I Produced
My Music Available on ED2K
Some of my Tunes on BitTorrent
2005 P2P writer and still alive.
You gotta be fucking shitting me, that is what they pass off as security? That is the level of security zeropaid has for member pictures. I would not even consider that hacking, and if they ever get caught, I hope their lawyer fights it that way.
Can you hear the sound of my palm hitting my face?
One expert, who is part of the investigation and wants to remain anonymous because the inquiry is at an early stage, told The New York Times he wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser.
He said: 'It would have been hard to prepare for this type of vulnerability.'
It is not known how much the incident is going to cost Citigroup and its customers.
Anyone upset or offended by my post please follow the link and let your opinions be known.
http://www.zeropaid.com/bbs/showthread.php?t=55492
This kind of low level security seriously needs to stop. So I did a 2000 word rant about this and other hacking saying that being lax about security in big institutions shouldn't be happening.
The problem with big organizations is that responsibility is always with "someone else".
The best outfits have one boss and only enough managers to sit at his breakfast table.
Try ducking responsibility when you face everybody who's in charge every morning.
And, by the way, figuring this one out was as easy as glancing at the address bar
while using the site and seeing your credit card number is being transmitted in the
clear as part of the URL.
That stupidity would provoke anyone to expose the security hole in very public ways.
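Added example, not part of the original thread and not Citigroup's code: the flaw the article describes (being logged in was the only check, so any account number in the URL was served) next to a handler that verifies ownership on the server and locks a session that keeps asking for other people's accounts. The user names, account numbers, function names and the `DENY_LIMIT` threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: which account numbers each logged-in user owns.
OWNED = {"alice": {"4000001"}, "bob": {"4000002", "4000003"}}
ACCOUNTS = {
    "4000001": {"name": "Alice A.", "balance": 120.50},
    "4000002": {"name": "Bob B.", "balance": 87.10},
    "4000003": {"name": "Bob B.", "balance": 0.00},
}
DENY_LIMIT = 3             # assumed threshold before the session is locked
denied = defaultdict(set)  # session user -> distinct foreign accounts requested


def view_account_unsafe(session_user, url_account):
    """The flaw: authentication is checked, authorization is not,
    so whatever number appears in the URL is served."""
    if session_user not in OWNED:
        return 401, None
    return 200, ACCOUNTS.get(url_account)


def view_account_checked(session_user, url_account):
    """Object-level check: the URL value is honoured only if the
    authenticated session actually owns that account."""
    if session_user not in OWNED:
        return 401, None
    if len(denied[session_user]) >= DENY_LIMIT:
        return 429, None   # session already flagged for enumeration
    if url_account not in OWNED[session_user]:
        denied[session_user].add(url_account)  # record for alerting
        return 404, None   # same answer for "not yours" and "does not exist"
    return 200, ACCOUNTS[url_account]
```

The cleaner design is to keep the account number out of the URL altogether and resolve it from the server-side session, which removes the value a client could tamper with.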