http://blogs.technet.com/steve_lamb/archive/2006/07/20/442599.aspxNetcraft have reported cases of banking sites being compromised even though they use two factor authentication. The scam is pretty straight forward as it's low tech and relies upon mis-directing the user rather than exploiting a vulnerability on the targeten-GBCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/steve_lamb/archive/2006/07/20/442599.aspx#442672Thu, 20 Jul 2006 22:28:01 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:442672Jeanie DeckerThat must be why BofA suddenly complicated their logon system - it took me about 15 minutes to add all the extra information they wanted so that they would know it's me and I would know it's them. (Would have been nice if they'd explained beyond the vague and innocuous "we care about security"...)