Memory Gaffe Leaves Aussie Bank Accounts Open To Theft
mask.of.sanity writes "A researcher has found flaws in the way major Australian banks handle customer login credentials which could allow the details to be siphoned off by malware. He built proof of concept malware to pull unencrypted passwords, account numbers and access credentials from volatile memory of popular web browsers every two hours."
My bank doesn't seem vulnerable (Score:5, Interesting)
My bank uses POST in the login form, which means that sniffing memory for URLs (which is what this malware seems to do) won't get you a login.
Plus, in order to actually transfer money to someone you haven't transferred money to before you have to input a second password.
The biggest failing of the bank in question is that it has a 10 char maximum on passwords for some stupid reason.