Jun. 17th, 2011

thewayne: (Default)
The count of compromised accounts is now over 300,000. Is anyone surprised that a newer number is higher than what they originally said?

http://www.wired.com/threatlevel/2011/06/citibank-hacked/
thewayne: (Default)
Basically, Citibank is a bunch of morons. Apparently your credit card number appears in your browser's address bar, so they would type in another number and that account's information would come up.

So it sounds like they validated the account number once, then when the hackers changed the account number, it was never revalidated and Citi's system assumed all future page accesses were valid. VERY bad form when dealing with money.

It is not difficult to pass information back and forth through secure sessions. In fact, it's pretty darn fundamental. I don't understand why a megacorp like Citi couldn't properly implement something like that.

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

http://it.slashdot.org/story/11/06/14/2046216/How-Citigroup-Hackers-Easily-Gained-Access

October 2025

S M T W T F S
    123 4
5 678 91011
12131415161718
19202122232425
262728293031 

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 10th, 2025 01:45 am
Powered by Dreamwidth Studios