Security News in the Press
Here is an interesting way to present the security news. For unknown reasons the authors of the article from Guardian Unlimited decided that HSBC bank accounts are especially prone to keylogger attacks:
The flaw, which is not being detailed by the Guardian, revolves around the way HSBC customers access their web-based banking service. Criminals using so-called "keyloggers" - readily available gadgets or viruses which record every keystroke made on a target computer - can easily deduce the data needed to gain unfettered access to accounts in just a few attempts.
Other banks use a different system, which researchers say is more secure.
Found via Schneier on Security.
most online bank logins require you to enter your password using a seried of pull-down lists, each containing the complete alphabet, whereby you spell out your password, instead of typing it in. Hence not vulnerable to keyloggers. Maybe HSBC didn;t do that.
Posted by: ben | September 16, 2006 at 10:20 PM
Interesting... Do you mean something like RSA SecurID Token authentication?
BTW, I am not aware of any Canadian banks using this for online logins.
Posted by: rkarimov | September 16, 2006 at 11:01 PM