For the several hours that the New York Times’ went digitally dark Tuesday, bankers would have been smart to pay attention.
The exploit is common and virtual thieves have been employing the tactic since domain registrars changed website information after being prompted by a fax.
”If your registrar uses single factor authentication, you are just as vulnerable” as the NYT is, a source told me. “If that [registrar] gets pilfered, every single domain name that is associated with that username and password is vulnerable to that same attack.”
Indeed, banks are no more safe or unsafe than any other company that does business on the net.
Financial services companies are completely at the whim of their vendor’s security standards.
And it’s as easy as finding out the domain registrar of Bank of America.
You see, if MarkMonitor Inc. is allowing its users to login online using only a username and password, the bank is screwed.