: One security expert familiar with the investigation wondered
: how the hackers could have known to breach security by
: focusing on the vulnerability in the browser. “It would have
: been hard to prepare for this type of vulnerability,” he said.
: The security expert insisted on anonymity because the
: inquiry was at an early stage.

A vulnerability in the browser which results in server access. Something sounds fishy, and he/she should remain anonymous.

On Tue, Jun 14, 2011 at 3:16 PM, Robert Slade <[email protected]> wrote:
> Apparently, the intruders who breached Citibank tried putting different
> "account numbers into a string of text located in the browser’s address bar."
>
> http://nyti.ms/lNpNP3
>
> Boy, account numbers in the URL. Now who could have guessed that bad guys
> would have tried messing with that? "The method is seemingly simple, but the
> fact that the thieves knew to focus on this particular vulnerability marks
> the Citigroup attack as especially ingenious, security experts said."
> _______________________________________________

Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
