Apparently, the intruders who breached Citibank tried putting different "account numbers into a string of text located in the browser’s address bar."
http://nyti.ms/lNpNP3 Boy, account numbers in the URL. Now who could have guessed that bad guys would have tried messing with that? "The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said." _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
