By Geoff Mosher
Aug 16, 2006
Bank of America Corp.'s online banking web site contains a vulnerability
that could permit hackers to lock out thousands of customers from their
online accounts, according to a security vendor.
Avondale, Ariz.-based Sestus Data Corp. announced the vulnerability
today, which it says is similar to a denial-of-service attack through
which hackers remotely lock out customers from their online accounts,
potentially swamping the bank's customer support lines.
Sestus said the vulnerability lies in the Charlotte, N.C.-based bank's
stronger authentication solution, SiteKey, which poses challenge
questions to customers as they attempt to log in to their bank accounts.
By incorrectly answering the challenge questions, customers could be
locked out from online banking. Hackers can purchase databases of
typical logins and incorrectly answer the challenge questions.