

If you think breaches are huge now, just wait another year - edw519
http://www.msnbc.msn.com/id/43389964/ns/technology_and_science-the_new_york_times/

======
Animus7
"..leapfrogged between the accounts ... by inserting various account numbers
into a string of text located in the browser’s address bar ... wondered how
the hackers could have known to breach security by focusing on the
vulnerability in the browser."

...so they put forgeable account numbers/cookies in the URL, and then acted
surprised when someone changed them for profit?

------
wccrawford
"The method is seemingly simple, but the fact that the thieves knew to focus
on this particular vulnerability marks the Citigroup attack as especially
ingenious, security experts said."

Experts? Really? They weren't hacking experts, I guess, because this is a
really easy thing to think of. Any good coder specifically prevents it, in
fact.

