No, I don't think easy to miss because it shouldn't be possible in the first pla...

		planb on June 15, 2011 \| parent \| context \| favorite \| on: How Hackers Stole 200,000 Citi Accounts Just By Ch... No, I don't think easy to miss because it shouldn't be possible in the first place. At least for a banking software, the web application layer is not the right place to check for this kind of authentication. This makes me wonder how their code must look like...