Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

BofA's SiteKey Vulnerable to Hackers: Report

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 17 Aug 2006 03:31:50 -0500 (CDT)
http://www.banknet360.com/news/NewsAbstract.do?na_id=4903

By Geoff Mosher
Aug 16, 2006

Bank of America Corp's online banking web site contains a vulnerability 
that could permit hackers to lock out thousands of customers from their 
online accounts, according to a security vendor.

Avondale, Ariz.-based Sestus Data Corp. announced the vulnerability 
today, which it says is similar to a denial of service attack through 
which hackers remotely lock out customers from their online accounts, 
potentially swamping the banks customer support lines.

Sestus said the vulnerability lies in the Charlotte, N.C.-based banks 
stronger authentication solution, Sitekey, which poses challenge 
questions to customers as they attempt to login to their bank accounts. 
By incorrectly answering the challenge questions, customers could be 
locked out from online banking. Hackers can purchase databases of 
typical logins and incorrectly answer the challenge questions.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: