[Gllug] Linux online banking yet again,

Chris Bell chrisbell at overview.demon.co.uk
Wed Oct 3 13:13:26 UTC 2007


On Wed 03 Oct, Jason Clifford wrote:
> 
> On Wed, 2007-10-03 at 10:34 +0000, Chris Bell wrote:
> >    I saw a report that a bank in north west Europe / Scandinavia had been
> > hit by a worm that waited until a user had logged in to their account using
> > just such a system, and made its own transfers while the link was still open
> > but the user had finished.
> 
> If the customer's PC is under the control of another to that extent no
> security system at the bank's end will prevent this. The security of the
> client side is the responsibility of the customer.

   Agreed, but the worm did not stand up waving a flag, it remained out of
sight.

> 
> As it is once I have logged out or the session has timed out nothing can
> happen until I login again.

   It seems that the worm made use of a very slight delay before the
connection was finally closed.

> 
> Jason
> 



-- 
Chris Bell NEW alternative address: chrisbell at chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list