http://www.banknet360.com/news/NewsAbstract.do?na_id=4903 By Geoff Mosher Aug 16, 2006 Bank of America Corp's online banking web site contains a vulnerability that could permit hackers to lock out thousands of customers from their online accounts, according to a security vendor. Avondale, Ariz.-based Sestus Data Corp. announced the vulnerability today, which it says is similar to a denial of service attack through which hackers remotely lock out customers from their online accounts, potentially swamping the banks customer support lines. Sestus said the vulnerability lies in the Charlotte, N.C.-based banks stronger authentication solution, Sitekey, which poses challenge questions to customers as they attempt to login to their bank accounts. By incorrectly answering the challenge questions, customers could be locked out from online banking. Hackers can purchase databases of typical logins and incorrectly answer the challenge questions. _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Aug 17 2006 - 08:16:36 PDT