[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] citibank XSS?

From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
Subject: [WEB SECURITY] citibank XSS?
Date: Tue, 25 Jul 2006 11:53:28 -0400

There are some Blackhat teasers at:

http://www.darkreading.com/document.asp?doc_id=99686&WT.svl=news1_2

The article mentions, "Take the recent XSS phishing attack on Citibank
which rendered the bank's two-factor authentication defenseless."

I thought the citibank attack was MITM, no XSS involved.  Am I wrong
on that?  Was XSS used as well?

Regards,
Brian

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] citibank XSS?
  - From: Thierry Zoller

Prev by Date: [WEB SECURITY] Write-up by Amit Klein: "Forging HTTP request headers with Flash"
Next by Date: Re: [WEB SECURITY] citibank XSS?
Previous by thread: [WEB SECURITY] Write-up by Amit Klein: "Forging HTTP request headers with Flash"
Next by thread: Re: [WEB SECURITY] citibank XSS?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org