Schneier on Security's Journal
Monday, December 10th, 2012
5:56a
Buy Your Own ATM Skimmer for $3000
I have no idea if this is real. If I had to guess, I would say no.

1:04p
Bypassing Two-Factor Authentication
Yet another way two-factor authentication has been bypassed:
For a user to fall prey to Eurograbber, he or she must first be using a computer infected with the trojan. This was typically done by luring the user onto a malicious web page via a round of unfortunate web surfing or email phishing attempts. Once infected, the trojan would monitor that computer's web browser for banking sessions. When a user visited a banking site, Eurograbber would inject JavaScript and HTML markup into their browser, prompting the user for their phone number under the guise of a "banking software security upgrade". This is also the key to Eurograbber's ability to bypass two-factor authentication.
It's amazing that I wrote about this almost eight years ago. Here's another example of the same sort of failure.