The security industry has often been notorious for employing FUD - Fear, Uncertainty and Doubt - tactics to try and sell products and services. Here is another example of how misleading this can be.
Security "researchers" claim that there is a flaw in the online banking portal of HSBC, in that attackers who manage to install keyloggers on an HSBC user's system can learn the logon credentials of that user. Well, first of all, in order to get a keylogger onto a desktop, the attacker would need to be able to break into that desktop. And second, if a keylogger does get installed, there's a lot more to lose than just your banking credentials. Potentially, every keystroke - your chat conversations, emails, passwords, everything - can and will be emailed to the attacker's email address. Now, HSBC could have a virtual keyboard, but even that is exploitable.
Now, let's think from an attacker's point of view. What is easier and more lucrative? Sending millions of phishing emails and then capturing the logon credentials of an average 1% of users who fall for it, or locating HSBC customers, installing keyloggers, and then getting their logon credentials? I think I'd put my money on the former, and that explains the millions of phishing emails spamming our mailboxes every day.
Here's a saner analysis of the whole story.
Who picked up the story? None other than the venerable BBC. And here's more. The researchers admit that HSBC is probably not the only bank affected by this issue. Well, duh yeah! Any site, any application, and any desktop is pretty much vulnerable once a keylogger is installed!
Tuesday, August 15, 2006
HSBC "security" flaw - FUD anyone?
Posted by Kanwal K Mookhey at 6:53 AM