British Internet bank Cahoot has plugged a flaw in its online security that could have enabled people to move freely in and out of other customers' accounts. Cahoot took the site down for 10 hours while it fixed the flaw, according to a representative for Abbey, Cahoot's parent financial institution. The problem was likely the result of an upgrade 12 days ago.
During the outage the previous system was reinstated; Qinetiq independently tested it and found that it blocked the account-hopping, indicating that the systems upgrade had introduced the flaw.
The vulnerability was discovered by a customer who had bookmarked areas of his online bank account, Abbey said. The customer was then able to access those areas on future visits to the site without entering anything other than a user name.
When the customer began tinkering with the site, he noticed he was also able to access other customers' accounts simply by guessing user names and then moving to a bookmarked page.
Guessing user names is far from rocket science: there are only so many variations on popular names such as John Smith or Jill Brown, and the site asked for nothing else before serving the bookmarked page.
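The pattern the customer stumbled on (a bookmarkable deep link that identifies the account by user name and never checks that the visitor actually logged in) is shown below as an added illustration; it is not Cahoot's code, and the handler names, the in-memory session store and the sample accounts and passwords are constructed for the demo. The vulnerable handler serves whatever user name appears in the URL; the hardened one ignores the name in the bookmark and takes the account from a server-side session that only a password login creates.

```python
"""Added example (not Cahoot's code): a deep link that trusts a user name in
the URL versus one that derives the account from an authenticated session."""
import secrets

# Constructed sample data: account balances keyed by user name.
ACCOUNTS = {"jsmith": 1200.50, "jbrown": 80.00}
# Constructed credentials (plain text only for the demo; never store them so).
PASSWORDS = {"jsmith": "correct horse", "jbrown": "battery staple"}
# Server-side session store: random token -> authenticated user name.
SESSIONS = {}


def login(username, password):
    """Authenticate and return a fresh session token, or None on failure."""
    if PASSWORDS.get(username) != password:
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def logout(token):
    """Invalidate a session so a bookmarked link stops working afterwards."""
    SESSIONS.pop(token, None)


def vulnerable_statement(query):
    """Handler for a bookmarkable URL such as /statement?user=jsmith.

    It trusts the user name in the query string and never looks for a session,
    so a visitor who guesses any valid user name reads that customer's account.
    """
    user = query.get("user")
    if user in ACCOUNTS:
        return {"user": user, "balance": ACCOUNTS[user]}
    return None


def hardened_statement(query, cookies):
    """Same URL, but the account comes from the session bound to a password
    login. A bookmark with no valid session is sent to the login page, and a
    bookmark naming someone else's account is refused rather than served."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return {"redirect": "/login"}
    if query.get("user") not in (None, user):
        return {"error": "forbidden"}
    return {"user": user, "balance": ACCOUNTS[user]}


if __name__ == "__main__":
    # A visitor with no session guesses a user name and opens a bookmarked URL.
    print(vulnerable_statement({"user": "jbrown"}))    # leaks jbrown's balance
    print(hardened_statement({"user": "jbrown"}, {}))  # {'redirect': '/login'}
    tok = login("jsmith", "correct horse")
    print(hardened_statement({"user": "jsmith"}, {"session": tok}))
    print(hardened_statement({"user": "jbrown"}, {"session": tok}))  # forbidden
```

The check that matters is the second one: the account served is whatever the session says, never whatever the URL says, so guessing user names buys an attacker nothing without the matching password.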
Full story: ZDNet AU