On-line Banking - which way?

Discussion in 'other anti-malware software' started by AaLF, Sep 23, 2012.

Thread Status:
Not open for further replies.
  1. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Q On-line Banking - which way?
    A Puppy Linux way...;) :cool:
     
  2. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    With regard to MITM attacks, Rapport (at least I think it's Rapport that does this) checks that the certificate presented by the banking website you go to matches the certificate it has registered for that site, i.e. it doesn't just rely on your browser to confirm that the certificate presented is signed by a CA in the certificate store.

    So stealing a Comodo (for example) root private key to create your own certs, followed by a MITM attack on a banking website should not work with Rapport.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I'm more concerned with non-PC-infected MITM attacks.

    Sure that would work ;)

    I was thinking more generally about MITM attacks, not just banking, or locally infected by malware. So I thought that maybe yourself & others might like to explore this further, in a new thread!

    *

    For those that may be interested, here's a couple of links that go into more detail about this.

    Man-in-the-Middle Attack

     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    ExploitShield

    I find it interesting that an outfit that purports to prevent zero day exploits is installing tracking software on your PC. Observe the download button.:argh:

    Plus it's being promoted by CNET:gack:

    Thanks but no thanks.:thumbd:
     
    Last edited: Oct 1, 2012
  5. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    Which tracking software in ExploitShield would that be?

    Al
     
    Last edited: Oct 2, 2012
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    From that article:

    And from your other cited article:

    https://en.wikipedia.org/wiki/Man-in-the-middle_attack

    I remember these types of examples from a few years ago, and decided that the scenarios were not related to anything I do in my daily computing, so I lost interest.

    My interest in these attacks relates to online banking compromises that could affect me. But I'll keep an eye on your thread to see what develops!


    ----
    rich
     
    Last edited: Oct 1, 2012
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    To reduce the risks encountered by online banking or other financial transactions over an unsecured Wi-Fi I am using KIS 2013, which has Safe Money, and Avast Pro 7 with its Safe Mode. Avast also has the option to run your browsers sandboxed.

    Because of the problems with sandboxed browsers in Avast I installed Trusteer. In Avast it prevented the sandboxed browsers from opening. I did not experience a problem with SafeMode. Removal stopped that problem although there are other problems with the sandboxed browsers which makes them unusable for me.

    In Kaspersky 2013 the original printing problem from Safe Money was fixed. However, I saw a post on the Kaspersky forum that someone could not print from Safe Money. I decided to try mine and see if there was a change. I had installed Trusteer to be a substitute for a sandbox. I found I could not print from Safe Money with Trusteer installed. Removal solved the problem.

    Although a great utility Trusteer Rapport conflicts with sandbox in Avast and with Safe Money in KIS 2013.

    Trusteer support is great, and although they are working on the problem I doubt it will solve the problems soon.

    Regards,
    Jerry
     
  8. Excellent questions. I'm calling bullsh#t that any AV company can prevent MiTM attacks. I totally agree: why haven't the AV companies set up a www we can use to check if we are being MitM'd?

    Companies like Webroot & Trusteer are selling FUD IMHO, saying they can stop it. Yeah, total bullsh#t I'm calling..
     
  9. guest

    guest Guest

    Well, nobody has been able to prove the opposite...
    If Trusteer Rapport for example checks the IP of the bank, the DNS being used, and the Cert against the ones stored in their database... I think with that you can avoid most of the MITM attacks.
     
  10. Smiggy

    Smiggy Registered Member

    Joined:
    May 2, 2007
    Posts:
    237
    Location:
    The Angel Isle
    Gotta say that I'm always recommending the Linux boot disk options to friends, relatives and others of a paranoid disposition.

    Had a couple of moans about the fact they have to constantly re-enter their WPA key every session, but it's a small price to pay for peace of mind.

    Found that Linux Mint seems very adept at detecting most NICs and doesn't have the Unity front end that scares most non-Linux users to death when they boot up with Ubuntu!
    Puppy Linux is just fantastic too; my kids use it on their laptop and talk about breathing new life into old kit. Installed it permanently after a couple of sessions.
     
  11. CAs are just a broken security platform. Comodo, DigiNotar got hacked. Probably there are many others. So basing security on CAs is just wrong.
     
  12. guest

    guest Guest

    Well, if there is a fake website with a fake CA (that has to be exactly the same as the original, and I doubt this is possible..) then the IP would be different and will be blocked anyway.

    Anyway, the cert check done by TR compares a valid cert stored in their database with the new one; they don't just check if the cert is valid.
    Something like this: http://perspectives-project.org/

    http://arstechnica.com/security/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached/

     
    Last edited by a moderator: Oct 2, 2012
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    What are you talking about? o_O

    We don't bundle anything in our installer, let alone "tracking" software.

    The ExploitShield installer you download from our website and from cnet are both the same, ExploitShield-Setup.exe with MD5 3B60D306DE299716F17EEB748B5C9886 and digitally signed by ZeroVulnerabilityLabs, Inc.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  16. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi
    Just a reply to guest's previous post
    https://www.wilderssecurity.com/showpost.php?p=2122598&postcount=65
    My links were only an anti-marketing echo of your serial Trusteer links. Nothing less, nothing more.
    At the opposite of small editors like Softsphere, Sandboxie and co, it seems that when some companies become popular, they are suddenly affected by bad faith.
    As pointed out and proved by these little stories http://www.digit-security.com/blog/?p=333 https://www.wilderssecurity.com/showthread.php?t=296560
    Playing a bypass game with Trusteer is, in an ethical way, a dead end, but technically not a big challenge at all.
    This said, I concede that it is one of the most interesting (easy to deploy, transparent etc) online-banking-focused solutions for the mass.
    Trusteer also provides a kind of remote forensic service via Flashlight (http://www.ebizq.net/news/12370.html ) which has advantages and drawbacks (privacy, warranty) impact.
    In this emerging market, there are many other interesting SaaS solutions compared to Trusteer, like ThreatMetrix, SafeNet and more on the Gartner overview http://www.ciradar.com/testold/test...ant_for_Web_Fraud_Detection_-_April_2011.aspx
    And as I said in a previous post, a user can bank online safely without any kind of arsenal...
    The answer to a process is not always a software, which is usually only a part of the solution.

    Regarding MitM, I guess that this DEFENSE board is not appropriate for such discussions, as most tools are considered hacker tools/unwanted programs by antivirus, and as this kind of attack has legal/law implications.
    Established ethical hacking/pentesting training sessions are more recommended than doing this from home (it takes a few hours only to learn for anyone who is familiar with protocols, iptables and a terminal), even if MitM is legally and legitimately used by law enforcement govt agencies http://www.wired.com/threatlevel/2010/03/packet-forensics/
    Well...when I included the Man in The Middle attack in my HIPS methodology in 2006/2007 (http://kavtest.over-blog.com/article-3591077.html ), the available methods and tools (Abel and Cain, dsniff, ettercap etc) were limited compared to the currently available arsenal.
    Now with the number of tools and specialised LiveCDs (pentesting, wireless), attacks become easier.
    It is important to understand that most MitM attacks are not cryptography based: even if the authentication process is asymmetric and leaves the client/user side vulnerable, the attack takes advantage of a well-known network attack: ARP poisoning.
    In a few words, when the CLIENT/USER U connects to the Bank B, the attacker A intercepts and redirects the traffic between U and B, and sends an unencrypted fake request.
    The goal of A is to be seen as B by U and as U by B, and with Moxie's tool for instance, the attacker A redirects HTTPS traffic to HTTP (the user sees a fake favicon) and then types his logins, which are easily intercepted and available in the sslstrip.log file.
    As I think in French but post in English, I hope that it is quite clear and simple.
    This kind of attack is not difficult to detect for an experienced/advanced user, with or without the need of browser addons (https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/ https://www.eff.org/https-everywhere ) or MitM proxy tools (Paros and Burp, discussed here years and years ago:) )...
    There are MitM variants designed specifically to steal cookies, not difficult with a minimum of training (here again, I do not want to mention and make these tools popular, and do not encourage illegal pentesting).
    Well..if we extend the original topic, it could unfortunately not be circumscribed by a few words and minutes.
    Regarding ExploitShield, I doubt that it contains adware, but I hope to have a quick look at it and then post in its original thread.

    rgds
     
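The pinning idea raised by Scoobs72 and guest (compare the presented cert, resolved IP and resolver against a stored profile rather than trusting the CA store alone) and the HTTPS-to-HTTP downgrade kareldjag describes can be checked from the client side with one routine. This is an added example, not Trusteer's or Perspectives' code; the bank profile, addresses and certificate bytes are constructed sample values.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: what a pinning client would have on file for one bank,
# recorded on an earlier clean visit. The DER bytes are a stand-in, not a real cert.
BANK_DER = b"\x30\x82\x01\x0a-constructed-der-bytes-for-bank-cert"
PROFILE = {
    "host": "bank.example",
    "pinned_sha256": hashlib.sha256(BANK_DER).hexdigest(),
    "known_ips": {"203.0.113.10", "203.0.113.11"},
    "trusted_resolvers": {"192.0.2.53"},
}


@dataclass
class Observation:
    host: str
    scheme: str                 # "https" or "http" as seen in the address bar
    resolved_ip: str            # address the host name resolved to this session
    resolver_ip: str            # DNS server that answered
    leaf_der: Optional[bytes]   # certificate actually presented; None on plain HTTP
    chain_valid: bool           # result of the browser's ordinary CA-store check


def check_session(obs: Observation, profile: dict) -> List[str]:
    """Return findings for one banking session; an empty list means it matches the profile."""
    findings = []
    if obs.scheme != "https":
        # sslstrip-style downgrade: the page arrives over HTTP, so no cert to compare
        findings.append("downgrade: connection is plain HTTP")
    if obs.resolver_ip not in profile["trusted_resolvers"]:
        findings.append(f"dns: answered by unexpected resolver {obs.resolver_ip}")
    if obs.resolved_ip not in profile["known_ips"]:
        findings.append(f"ip: {obs.host} resolved to unknown address {obs.resolved_ip}")
    if obs.leaf_der is not None:
        fp = hashlib.sha256(obs.leaf_der).hexdigest()
        if fp != profile["pinned_sha256"]:
            # A mis-issued cert from a breached CA still validates against the CA
            # store; the pin comparison is the check that catches that case.
            msg = "cert: fingerprint differs from pinned value"
            if obs.chain_valid:
                msg += " although the CA chain validates"
            findings.append(msg)
    return findings
```
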
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  18. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Good grief, if I had such a difficult time deciding on software in order to help protect me while shopping/banking online, I'd unplug my computer and never shop online again. Seriously, you guys are making this sooo difficult.

    Most of you are thinking you're gonna be a victim even before it happens.
     
  19. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    It sure does appear that "The sky is falling."

    Evidently some are convinced that there is no protection and so why resist?
    I don't know much, but I know that on certain days against certain attempts to infect, some AVs do in fact protect above 90%. Accordingly I will continue to use what I can determine to be the best protection available.

    I don't care if the sky is falling. I do not think it is going to fall on me, and I get bored with reading how some here are so bright as to be able to figure out how to defeat any system. Surely the AV companies would pay you a tidy sum to show them how to defeat your own brilliant ways to penetrate their solutions.

    Jerry
     
  20. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    You were given the address of the official download site for ExploitShield. I don't know why you keep harping about CNET offering it as a download. It does not mean the product itself contains tracking software. If you don't like CNET, do like me and don't use it. Learn to use official download sites where products have their home. There's no need to pick out a single product from hundreds offered by CNET and complain about it.

    Al
     
    Last edited: Oct 3, 2012
  21. guest

    guest Guest

    @kareldjag
    I really don't understand the relation between your comments regarding TR and the links you have posted.
    According to you it is trivial to bypass it, but you can't show any evidence.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I agree with you 100%. Unfortunately official download sites, i.e. vendor web servers, are going the way of the dinosaurs.

    A recent sad example is Malwarebytes of all outfits! Go to their web site and attempt to download their MBAM free version. Voila - you are redirected to CNet. I queried MB about this and the response I received was "we have a special agreement with CNet that they will not include their wrapper software with our downloads." Humm - should I believe them? Maybe. But do I trust CNet to abide by this? Hell no! I can count on one hand without using the obscene gesture fingers all the third party download sites I trust.

    Software vendors are going over to the "dark side" in droves these days. Hard times to make a buck the up and up way unfortunately are causing many former old guard software outfits to revise their business models. As far as new start-ups? In evaluating, use the most important tools a PC user has in implementing safe security practices:

    1. Common sense.
    2. Make sure brain is always fully engaged when operating the keyboard and mouse.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    agree
     
  24. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Yes Cyberman, paranoia is definitely the right word for your security set up lol.:D :thumb: :thumb:
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Rmus

    Okey dokey ;)

    @ ComputerSaysNo

    I'm not sure if I'd call it total BS :D but I don't know why vendors who promote apps as protecting against MITM can't provide a test www to prove their claims? After all, there are LOTS of POCs we can do to test our apps against KLs etc. Plus a number of www's that can show what our browsers/OS etc are revealing, or not.

    @ kareldjag

    Nice to read your articles again, it's been a while. Ahh the good o'le days :)
     