Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)
Post about a MITM attack on Citibanks two-factor authentication system. The relaying of error messages from Citi by the attacker is a nice touch as it makes it seem a lot more legitimate...
Well not really a surprise that the attackers have worked this out. Of course it's slightly easier to detect/shut down as they have to do the attack in real-time as opposed to gathering the credentials and then using them at their leisure, which can happen with standard phishing.
Still, goes to show that there's more work neeeded to be done on this.