Slashdot Mirror


Memory Gaffe Leaves Aussie Bank Accounts Open To Theft

mask.of.sanity writes "A researcher has found flaws in the way major Australian banks handle customer login credentials which could allow the details to be siphoned off by malware. He built proof of concept malware to pull unencrypted passwords, account numbers and access credentials from volatile memory of popular web browsers every two hours."

2 of 69 comments

  1. Already running? by Anonymous Coward · Score: 5, Insightful

    You have to be infected first for your credentials to be stolen? Couldn't the hacker just have installed a key logger?

    If you can't trust the machine, don't put your sensitive data on the thing.

    1. Re:Already running? by You're+All+Wrong · Score: 5, Insightful

      So you're saying that if you log in from a new infected machine, your bank obliges you to leak sensitive security information to the keylogger that's been installed there?

      Congratulations for feeling all warm and fuzzy from your bank's security measures whilst gaining very little actual security against real threats - that's what they were hoping you'd feel, you're a good customer.

      *One time* passwords are the *only* thing that *can't* be re-used. By definition. If your bank does not use them, get a new bank.

      --
      Your head of state is a corrupt weasel, I hope you're happy.