Slashdot Mirror


HSBC Online Banking Security Flaw Analyzed

greenechidna writes "The BBC is reporting that a vulnerability has been found in the online banking service of HSBC by researchers at Cardiff University. According to the story the attack would allow an attacker to log on to an account within 9 attempts. The attack relies on a keylogger being installed on the victim's machine. The article doesn't have any further technical details." David Nicholson adds links to coverage at CNN and at the Guardian, writing "The attack revolves around the order that customers are requested to enter random security numbers on the site. The main news stories fail to detail the vulnerability but I have provided an analysis of it here."

2 of 178 comments (clear)

  1. How to trick key loggers by Rik+Sweeney · · Score: 3, Funny

    I'm quite worried about key loggers so I always enter my password incorrectly the first two times and then input it successfully the final time. This ensures that my password is as secure as possible.

    More so if I screw up the last attempt and have to request a new password.

    Another simple solution is to keep your password in a text file and copy / paste it in.

    Or your password could just be ******* that would work a treat...

  2. Re:The majority of online systems by Rob+T+Firefly · · Score: 4, Funny

    Safe words, rings, and chains.. is this HSBC or S&M?