HSBC online banking security vulnerability? Or not?
Here's the article:
Here's what it says:
"The researchers, who plan to publish full details of their findings in security journals later in the year, have so far only divulged that the vulnerability would mean a machine compromised with a key-logger would quickly reveal all the information a criminal would need to gain fraudulent access to an account." (Underlining my emphasis).
Maybe I'm missing something here but it seems that the "researchers" are focusing on the wrong place with this "vulnerability". If a machine is compromised with a key logger you have a hell of a lot more to worry about than an alleged HSBC online banking vulnerability - *any* Web site that requires a user to enter username and password using a keyboard is at risk, so why target just HSBC?
Some sites, such as ING, use a mouse-only log-in protocol (screenshot below), but even that type of log-in is vulnerable to screen-scrapers and hostile software that tracks cursor position and mouse clicks.