Slashdot Mirror


Boarding Pass Hacker Targets Bank of America

Concerned Customer writes "The fake boarding pass guy is at it again. His blog shows a demonstration phishing website that is able to bypass the SiteKey authentication system used by Bank of America, Fidelity, and Yahoo. Users will be shown their security image, even though they're not visiting the authentic websites." This hack compounds the study showing that users don't pay attention to the SiteKey pictures anyway.

6 of 160 comments

  1. Picture? by extern_void · Score: 2, Funny

    users don't pay attention to the SiteKey pictures
    Picture? what picture?

  2. Re:Good for him! by jimstapleton · Score: 5, Funny

    If he keeps it up, he'll start to know the agents...

    *hears a knock on the door, and answers*
    Him: "Ahh, Agent Doe! Nice to see you! They sent you out for this one huh? Your standard crew."
    AS: "Yep."
    Him: "Can I interest you in some coffee, tea or a soda-pop while they are working?"
    AS: "Sure, I'll have some coffee."
    *He gets the coffee ready as the other agents go to his computer*
    Him: "Sit down, sit down! Here's your coffee."
    AS: "Thanks. So, everything's going well I take it?"
    Him: "Yeah, I'd ask if you heard about my latest trick, but that's probably why you are here."
    AS: "Yes, it is."
    Him: "So, how's the wife and kids?"
    AS: "Not bad. Jane is in basketball now."
    Him: "Middle school?"
    AS: "College."
    Him: "Really? I can't believe it's been that long. It seems like just yesterday you were telling me about her being born!"
    *more idle chatter, eventually several black suits come down carrying computer equipment.*
    AS: "Well, it was nice chatting with you again."
    Him: "Likewise. See you next week, same time?"
    AS: "Sure, what do you have planned now?"
    Him: "C'mon, and spoil the surprise?"
    AS: "Alright, see you next week."

    --
    34486853790
    Connection too slow for X forwarding? Try "ssh -CX user@host"
  3. I Can't .. stop .. myself by slashbob22 · Score: 3, Funny

    Rather, I think the insightful thing to say here is that you don't gain security by adding arbitrary hoops for your consumers to jump through, but by implementing a real authentication protocol.
    You are coming to a sad realization, Cancel or Allow?
    --
    Proof by very large bribes. QED.
  4. Re:Bank of America?!? by illegalcortex · Score: 2, Funny

    You used to live at BANK OF AMERICA? Now that's customer service.

  5. Re:Crux by mypalmike · Score: 2, Funny

    C:\> vi C:\windows\system32\drivers\etc\hosts
    vi: command not found. ;)

    --
    There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
  6. BofA by crhylove · Score: 2, Funny

    Well, I was at BofA yesterday, and noticed they are using Windows machines. In my mind that means that none of the $23.62 that I have in the bank is at all secure. I'm losing sleep tonight!

    The sad irony is that my teller CLAIMED that they use the same computer security as the FBI and the CIA. My response was, "No WONDER we're losing the war!"

    rhY

    --
    I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.