Consumerist isn't a Gawker property anymore. They are now owned by Consumers Union, who also publishes Consumer Reports.

I was actually disappointed by the NYT article. They interview security experts who call the attack "ingenious", "hard to prepare for" and performed by exploiting a vulnerability in a browser. This understates how incompetent the bank's website design is.

That was why I linked to this article rather than the NYT. The article linked to, while shorter, contains all of the relevant information and less completely random cluelessness.

The NYTimes story is the 2nd crime, because they're white washing Citicorp's responsibility. With all the hacking that's been going on recently, the NYT needs a full time cyber security reporter.