Jun. 17th, 2011

thewayne: (Default)
The count of compromised accounts is now over 300,000. Is anyone surprised that a newer number is higher than what they originally said?

http://www.wired.com/threatlevel/2011/06/citibank-hacked/
thewayne: (Default)
Basically, Citibank is a bunch of morons. Apparently your credit card number appears in your browser's address bar, so they would type in another number and that account's information would come up.

So it sounds like they validated the account number once, then when the hackers changed the account number, it was never revalidated and Citi's system assumed all future page accesses were valid. VERY bad form when dealing with money.

It is not difficult to pass information back and forth through secure sessions. In fact, it's pretty darn fundamental. I don't understand why a megacorp like Citi couldn't properly implement something like that.

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

http://it.slashdot.org/story/11/06/14/2046216/How-Citigroup-Hackers-Easily-Gained-Access

August 2025

S M T W T F S
     12
34 56789
10111213 141516
17181920212223
24252627282930
31      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 20th, 2025 04:02 am
Powered by Dreamwidth Studios