Hacked Bank of India Site Labeled Trustworthy

SkiifGeek writes "When the team at Sunbelt Software picked up on a sneaky hack present on the Bank of India website, it became a unique opportunity to see how anti-phishing and website trust verification tools were handling a legitimate site that had been attacked. Unfortunately, not one of the sites or tools identified that the Bank of India website was compromised and serving malware to all visitors The refresh time on a trust-brokering site is too long to be useful when a surf-by attack on a trusted site can take place in a matter of seconds, with a lifetime of hours, and with a victim base of thousands or greater."

Re:Banks: Please Stop Using ActiveX !

The main problem is that the Indian technical institutes rarely teach anything besides Microsoft products. So each year they produce many thousands of students who know of nothing but Windows, VB.NET, SQL Server, and ActiveX. When you only really know about one particular set of technologies, and virtually nothing about the alternatives, you'll usually make poor choices regarding which technologies to use. In the case of ActiveX, its use can easily lead to compromised systems and data.