greenechidna writes "The BBC is reporting that a vulnerability has been found in the online banking service of HSBC by researchers at Cardiff University. According to the story the attack would allow an attacker to log on to an account within 9 attempts. The attack relies on a keylogger being installed on the victim's machine. The article doesn't have any further technical details." David Nicholson adds links to coverage at CNN and at the Guardian, writing "The attack revolves around the order that customers are requested to enter random security numbers on the site. The main news stories fail to detail the vulnerability but I have provided an analysis of it here."