Citibank: Online User Authentication Security Mechanism Thwarted
An Indian computer hacker known as Yash K.S., has found a way to manipulate a computer to thwart the virtual keyboard user authentication security mechanism which Citibank had employed in its online banking presence in India. Yash has published details of this exploit at http://www.tracingbug.com/index.php/articles/view/23.html.
Ok, enough for the technology jargon geek speak. I'm confident Citibank spent allot of time and money developing this security mechanism to ensure the security of its online banking services. For being proactive in developing new methods of securing online banking, Citibank gets my sincere thanks as a banking industry consumer.
The biggest lesson is that no matter what a business or organization does to protect their technology systems, there will always be someone willing to spend allot of effort (time and/or money) finding ways to breach your information security mechanisms. Risk cannot be avoided only managed and minimized.
Comments