Search



AuthenticationWorld.Com

About

This page contains a single entry from the blog posted on May 11, 2007 11:06 AM.

The previous post in this blog was Botnet control tools.

The next post in this blog is Some hope on the horizon for MS Office?.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]

« Botnet control tools | Main | Some hope on the horizon for MS Office? »

Citibank's virtual keyboard authentication busted

Earlier this week, an Indian researcher, Yash K.S., documented how easy it was for criminals to capture the authentication used to login to Citibank accounts when they use a virtual keyboard (used in Asia but not yet in the US). Read about the hack here.

This is yet but one more example of the futility in deploying stronger authentication for accessing bank accounts. While some stronger authentication, like one-time passwords, will thwart malware keyboard loggers, they won't stop man in the middle phishing attacks. In the case mentioned above, the virtual keyboard will still be prey to malware attacks. Instead of using a keyboard logger, the malware will simply use screen capture software to obtain the pin.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com

Posted by Guy Huntington on May 11, 2007 11:06 AM |

TrackBack

TrackBack URL for this entry:
http://www.authenticationworld.com/cgi-bin/blog/mt-tb.cgi/227

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)