[Gllug] Linux online banking yet again,
Chris Bell
chrisbell at overview.demon.co.uk
Wed Oct 3 13:13:26 UTC 2007
On Wed 03 Oct, Jason Clifford wrote:
>
> On Wed, 2007-10-03 at 10:34 +0000, Chris Bell wrote:
> > I saw a report that a bank in north west Europe / Scandinavia had been
> > hit by a worm that waited until a user had logged in to their account using
> > just such a system, and made its own transfers while the link was still open
> > but the user had finished.
>
> If the customer's PC is under the control of another to that extent no
> security system at the bank's end will prevent this. The security of the
> client side is the responsibility of the customer.
Agreed, but the worm did not stand up waving a flag, it remained out of
sight.
>
> As it is once I have logged out or the session has timed out nothing can
> happen until I login again.
It seems that the worm made use of a very slight delay before the
connection was finally closed.
>
> Jason
>
--
Chris Bell NEW alternative address: chrisbell at chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list