[WEB SECURITY] citibank XSS?

Brian Eaton eaton.lists at gmail.com
Tue Jul 25 11:53:28 EDT 2006


There are some Blackhat teasers at:

http://www.darkreading.com/document.asp?doc_id=99686&WT.svl=news1_2

The article mentions, "Take the recent XSS phishing attack on Citibank
which rendered the bank's two-factor authentication defenseless."

I thought the citibank attack was MITM, no XSS involved.  Am I wrong
on that?  Was XSS used as well?

Regards,
Brian

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list