funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Citibank hacked by URL fuzzing?

From: Drsolly <drsollyp () drsolly com>
Date: Wed, 15 Jun 2011 12:34:23 +0100 (BST)
Here's how it works.

Journo: "Are you a security expert?"
Village idiot: "Yes"

Thus, the village idiot is now a securoty expert.

On Tue, 14 Jun 2011, Robert Slade wrote:


Apparently, the intruders who breached Citibank tried putting different "account numbers into a string of text 
located in the browser’s address bar."

http://nyti.ms/lNpNP3

Boy, account numbers in the URL.  Now who could have guessed that bad guys would have tried messing with that?  "The 
method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the 
Citigroup attack as especially ingenious, security experts said."

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: