Jun. 17th, 2011

thewayne: (Default)
The count of compromised accounts is now over 300,000. Is anyone surprised that a newer number is higher than what they originally said?

http://www.wired.com/threatlevel/2011/06/citibank-hacked/
thewayne: (Default)
Basically, Citibank is a bunch of morons. Apparently your credit card number appears in your browser's address bar, so they would type in another number and that account's information would come up.

So it sounds like they validated the account number once, then when the hackers changed the account number, it was never revalidated and Citi's system assumed all future page accesses were valid. VERY bad form when dealing with money.

It is not difficult to pass information back and forth through secure sessions. In fact, it's pretty darn fundamental. I don't understand why a megacorp like Citi couldn't properly implement something like that.

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

http://it.slashdot.org/story/11/06/14/2046216/How-Citigroup-Hackers-Easily-Gained-Access

October 2025

S M T W T F S
    123 4
5 678 910 11
12131415161718
1920 21 22 232425
2627 28 293031 

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 30th, 2025 03:26 pm
Powered by Dreamwidth Studios