Schwab Admits To A "Small" Security Hole
--------------------------------------------------
SAN FRANCISCO, CALIFORNIA, U.S.A.
2000 DEC 11 (NB)
By Martin Stone, Newsbytes.Online brokerage Charles Schwab Corp. [NYSE:SCH] has reportedly confirmed its Web trading site was vulnerable to a security flaw that could allow an intruder to hijack subscribers' accounts, but insisted the risk was small and that no accounts had been illegally accessed.
The revelation makes Schwab the second online brokerage to uncover the flaw after E-Trade Group [NASDAQ:EGRP] did so last month. Schwab oversees some $420 billion in online transactions, listing 4.2 million active trading accounts, according to a Reuters report, which added that the company stated it has implemented temporary security measures and hopes to install a permanent fix by year's end.
The bug, known as cross-site scripting, allows private information such as passwords and bank account numbers, often stored in the users' Web browsers as cookies, to be rerouted to a hacker's e-mail address or Web site. Cross-site scripting is a well-known problem in the security community, Reuters said, but experts insist there have yet been no known attacks on Web sites, and that any hacker who actually gained access to a Schwab account would be able to perform most functions, but, due to extra security measures, would be unable to actually withdraw money.
Reported by Newsbytes.com, http://www.newsbytes.com .