In 2005, I wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint. This BBC article describes exactly that: After logging in to the bank's real site, account holders are being tricked...

It's called Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Funny. Fake, but funny. Edited to add (2/3): The rest of the story....