AOH :: ISN-2871.HTM

BofA's SiteKey Vulnerable to Hackers: Report

BofA's SiteKey Vulnerable to Hackers: Report
BofA's SiteKey Vulnerable to Hackers: Report


http://www.banknet360.com/news/NewsAbstract.do?na_id=4903 

By Geoff Mosher
Aug 16, 2006

Bank of America Corp's online banking web site contains a vulnerability 
that could permit hackers to lock out thousands of customers from their 
online accounts, according to a security vendor.

Avondale, Ariz.-based Sestus Data Corp. announced the vulnerability 
today, which it says is similar to a denial of service attack through 
which hackers remotely lock out customers from their online accounts, 
potentially swamping the banks customer support lines.

Sestus said the vulnerability lies in the Charlotte, N.C.-based banks 
stronger authentication solution, Sitekey, which poses challenge 
questions to customers as they attempt to login to their bank accounts. 
By incorrectly answering the challenge questions, customers could be 
locked out from online banking. Hackers can purchase databases of 
typical logins and incorrectly answer the challenge questions.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org

Site design & layout copyright © 1986- CodeGods