[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Is Your Online Bank Vulnerable To Currency Rounding Attacks?

To: security@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Is Your Online Bank Vulnerable To Currency Rounding Attacks?
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Mon, 9 Jan 2012 13:41:51 -0500

On Mon, Jan 9, 2012 at 11:25 AM, ACROS Security Lists <lists@xxxxxxxx> wrote:
>
> Many online banks we've reviewed have been found to be vulnerable to the 
> "currency
> rounding attack". What's special about this attack? Not much, except that it 
> seems to
> be perfectly legal and allows one to make tens of thousands of EUR/USD per 
> day. Read
> about it in our blog and help your banks avoid it:
>
> http://blog.acrossecurity.com/2012/01/is-your-online-bank-vulnerable-to.html
>
> or
>
> http://bit.ly/yp4idv
I believe the term is "arbitrage" (not rounding attacks).

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Is Your Online Bank Vulnerable To Currency Rounding Attacks?
  - From: Memory Vandal

References:
- [Full-disclosure] Is Your Online Bank Vulnerable To Currency Rounding Attacks?
  - From: ACROS Security Lists

Prev by Date: [Full-disclosure] McAfee "Relay Server" Product Installs Open Proxy On Consumer PCs
Next by Date: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Previous by thread: [Full-disclosure] Is Your Online Bank Vulnerable To Currency Rounding Attacks?
Next by thread: Re: [Full-disclosure] Is Your Online Bank Vulnerable To Currency Rounding Attacks?
Index(es):
- Date
- Thread