Colombian ID thief coughs A Colombian citizen has pleaded guilty to ripping off as many as 600 people after planting keystroke-logging software on the PCs of hotels. Mario Simbaqueba Bonilla, 40, used his illicit income to finance trips to exotic locations (including Hong Kong, Italy, and the Caribbean) and expensive electronics. He carried out his …
It boggles the mind that someone actually uses public PC for anything sensitive.
Also amazing is that there are still banks that do not have some kind of one time password system to prevent someone from stealing account info with just a simple key logger.
I got my first online bank account in 1998 or so, and even then the bank I was using used one time passwords in piece of paper, where you crossed passwords out after each use.
> amazing is that there are still banks that do not have some kind of one time
> password system
Yeah. I agree. My primary bank uses a unique system that requires one to have a registered cellphone number (or a SMS-enabled landline phone) with them, and each time a transaction is carried out online an SMS (text message for the stateside folks) with a 6-digit code is sent to the registered phone, and the transaction will refuse to proceed until the code is entered into the page. This method has two advantages:
1. Stall the thief as he tries to brute force through your account as he'll never get the code (certain exceptions apply i.e. he has somehow managed to pull off some sort of suave social engineering with the bank to change the SMS phone number), and
2. It alerts you when someone is accessing your account and is trying to do stupid things with it.
I was surprised that such feature wasn't available on another bank account I opened when I switched jobs last year (had to, the job refuses bank money straight into my primary account).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
