Throwing another lock on seems like the most logical way to secure an apartment—or a website. But a new attack called “Man in the Browser” allows attackers who have infected a computer with malicious software to get around the bank website security systems that demand, for example, a pin in addition to a password.
A BBC investigation uncovered the vulnerability. Once an attacker has access to the browser, they can ask a user to enter their authentication code or password into an inappropriate field as part of an effort to “train a new security system.” If the user falls for it, the attacker gets full access to the bank’s website, and can even obscure withdrawals of funds.
This points to a larger issue, says security technology OG Bruce Schneier: All security solutions that consist of adding another password or pin to the process are attempts to authenticate that a person is who they say they are, when the only real solution is to authenticate the transaction itself.
That means what all bank and other secured websites need are elaborate fraud-detection algorithms akin to those used by the financial industry to secure credit cards. Credit cards are easily forged, but it doesn’t matter, in part because banks prevent fraud by examining activity rather than trying to directly verify that a credit card is being used by its rightful owner.
Going bald? Lab-grown hair cells could be on the way
These biotech companies are reprogramming cells to treat baldness, but it’s still early days.
Meet Altos Labs, Silicon Valley’s latest wild bet on living forever
Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.
Meta’s new learning algorithm can teach AI to multi-task
The single technique for teaching neural networks multiple skills is a step towards general-purpose AI.
A horrifying new AI app swaps women into porn videos with a click
Deepfake researchers have long feared the day this would arrive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.