Hacking Citibank's virtual keyboard
In some countries outside of the US, Citibank has a login option to enter your PIN by clicking on the display of a keyboard rather than with the physical keyboard. Perhaps the idea is to defeat keyloggers, but a researcher has demonstrated that it's easy for malware to capture the PIN anyway.
The technique, posted on the popular Bugtraq mailing list, generated some scorn from readers (not an unusual result on Bugtraq).
At Yahoo! News.
[ Read more ]