 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:6 | Hackers outwit online banking identity security systems Hackers outwit online banking identity security systems
By Spencer Kelly
Criminal hackers have found a way round the latest generation of online banking security devices given out by banks, the BBC has learned.
After logging in to the bank's real site, account holders are being tricked by the offer of training in a new "upgraded security system".
Money is then moved out of the account but this is hidden from the user.
Experts say customers should follow banks' official advice, use up-to-date anti-virus software and be vigilant.
Devices like PINSentry from Barclays and SecureKey from HSBC - which look a lot like calculators - ask users to insert a card or a code to create a unique key at each login, valid for around 30 seconds, that cannot be used again.
This brought a new level of online banking security against password theft. The additional line of defence provided security even if a user's computer along with any password information was hacked.
While these chip and pin devices make the hackers' job more difficult, the hackers themselves have raised their game.
'Man in the Browser' attack
A test witnessed as part of a BBC Click investigation suggests even those with up-to-date anti-virus software could be at risk.
There is no specific risk to any one individual bank.
In the test the majority of web security software on standard settings did not spot that a previously unseen piece of malware created in the software testing lab was behaving suspiciously.
The threat does not strike until the user visits particular websites.
Called a Man in the Browser (MitB) attack, the malware lives in the web browser and can get between the user and the website, altering what is seen and changing details of what is being entered.
How to spot if you have been infected
If your transaction seems to be taking longer than normal, there is a chance it is going via a fraudster's system
If you are asked for more information than normal, especially entire passwords where previously you were only asked for part, your machine may have been infected
Computers that have been infected often slow down while malware monopolises both the processor and the internet connection
Some versions of the MitB will change payment details and amounts and also change on-screen balances to hide its activities.
»www.bbc.co.uk/news/technology-16812064
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
 psafuxPremium,VIP
join:2005-11-10
kudos:2 | Good info, don't get me wrong, but this was posted like a week ago.
This stuff is going to get worse and worse before (if) it gets better. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:6 | Thanks..did not catch it back then...and bummer, the search funtion at our site seems to be out of order just now..for me anyway. |
|
TheMGPremium
join:2007-09-04
Canada
kudos:1 Reviews:
 ·TekSavvy DSL
2 edits | reply to Name Game
Pretty soon the only way to be 99.9999% secure with online banking will be to boot from a known-clean operating system on a read-only file system, such as a live CD or hardware write protected USB flash drive.
Actually, it's probably only a matter of time before banks come up with smartphone-like devices dedicated to banking, with a fully custom and locked-down operating system, which can not be used for anything other than online banking. Of course, there will be an associated monthly fee for this. |
|
|
|
 jaykaykay4 Ever YoungPremium,MVM
join:2000-04-13
Scottsdale, AZ
kudos:19 | Isn't "secure" really an oxymoron today? Even 99.9999%. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to TheMG
Just use a secure, landline CORDED phone for your banking. It is free and secure. There are a lot of combination phones out there now. The base phone is corded and then there is one, or more, cordless handheld phones added.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
