funsec mailing list archives

Slashdot: Bank of America's SiteKey bypassed


From: <rms () computerbytesman com>
Date: Thu, 12 Apr 2007 12:40:45 -0400


Boarding Pass <http://it.slashdot.org/it/07/04/12/1444204.shtml>  Hacker
Targets Bank of America 


Posted by kdawson on Thursday April 12, @11:51AM
from the augmented-man-in-the-middle dept. 

 <http://slashdot.org/search.pl?tid=172> Security

Concerned Customer writes "The fake boarding
<http://yro.slashdot.org/yro/06/10/28/2358202.shtml?tid=123> pass guy is at
it again. His blog shows a demonstration
<http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html>
phishing website that is able to bypass the SiteKey authentication
system used by Bank of America
<http://www.bankofamerica.com/privacy/sitekey/>, Fidelity, and Yahoo
<https://protect.login.yahoo.com/>. Users will be shown their security
image, even though they're not visiting the authentic websites." This hack
compounds the study showing that users don't pay
<http://it.slashdot.org/it/07/02/05/1323243.shtml?tid=172> attention to the
SiteKey pictures anyway.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
