Thursday, 11 September 2008

Cookie Monster Attack "Hacks" Your Bank's Legitimate Website

New alert, new malware that will steal your banking details, only this time, it can do it when you're logging into the legitimate secure website. Read to the bottom of the article for a quick test of whether your bank is vulnerable to this attack.  Make them aware if they're not - the best way for them to fix it is to ensure that all cookies are sent via https as well, apparently, and the problem then ceases to exist. 

If left unpatched, this vulnerability will let the bad person open whatever account page you just left, and carry on the session as though they were you.  Do do do do do let the bank know if they are vulnerable.  Threaten to change banks, cajole them, offer them an underpants clad minister if you have to... 

No comments: