Banking details can be stolen through a new JavaScript exploit

http://www.heise-online.co.uk/news/...len-through-a-new-JavaScript-exploit--/112417

 

As long as I can remember, the proper procedure taught is to close out all windows, then open a new window and connect to the bank site using your bookmarked link.

When finished, log out, close the window, then proceed.

----
rich

 

Pharming or DNS cache poisoning can still nail you even if you use your bookmark, in other words, even though you've done everything right.

Acadia

 

How about OpenDNS ?

 

Thanks for the reminder, Pete. I usually do emphasize that.

Well, pharming, or DSN poisoning, isn't related to the exploit in question, but if you are concerned about that -- which is when a user thinks she/he is accessing the legitimate site's page, but instead is actually accessing the IP of a spoofed site -- one way of insuring that you are going to the correct IP is

1) to create a Custom Address Group of IPs in your Firewall configuration and include the IPs of your secure sites (HTTPS) which use Port 443

2) then create a separate outbound rule for Port 443, designating addresses in that Group.

When going to a secure site, first disable your Port 80 rule. If DNS cache poisoning has occurred (intercepting the connection and directing it to a different IP) your Firewall will alert:

​

Others are using the Open DNS Servers instead of their ISP's DNS servers, as Huupi suggests.

----
rich

 

I do two things to prevent being pharmed out: one was mentioned by Huupi, OpenDNS.

Second, I add my financial sites to my host file that way I jump straight to them without using ANY dns servers.

Acadia

 

That's an interesting solution!

----
rich

 

Another thing is disabling Javascript by default and allowing it only for trusted sites as often recommended because this is truly not the first Javascript exploit. This can easily be done in Firefox (with Noscript) and Opera but not in IE - here you would have to disable scripting in the Internet Zone and add all trusted sites to the Trusted Zone. That's not only very cumbersome - it also means that for all sites where you allow Javascript (or in IE actually Jscript which is even more dangerous than Javascript in other browsers) you also allow ActiveX which you need for the windowsupdate sites. There is no way to distinguish between these sites - either you block everything (in the Internet Zone) or you allow everything (in the Trusted Zone) as there is nothing like a "Particularly Trusted Zone".

This is one major reason why one should NOT use IE.