'Pharmers' hit online bank users with fraud scam

Discussion in 'other security issues & news' started by ronjor, Apr 25, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,084
    Location:
    Texas
    Story
     
  2. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    That's why, a couple of months ago, I put all of my financial institutions into my Host file, so I never need to use a DNS server, for the financial institutions anyway.

    Acadia
     
  3. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    They can carry out DNS poisoning, but how can they falsify the secure certificate that's needed for an SSL link? If a site is unsecured, using an http: URL instead of an https: one, it should be obvious that the web site isn't the correct bona-fide one.

    Decent browsers, such as Firefox, even colour the entire address bar yellow when on a secure link, so we're not completely devoid of all hope.

    Yet...
     
  4. lupus

    lupus Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    22
    I make sure to check out certificates and https, and I use a Knoppix live-CD when conducting banking/paying business on the internet. I don't know what more I can do; if they start messing with certificates it's game over for online banking and e-commerce.

    Maybe a good idea as well would be to bookmark the IP address instead of the http one for critical websites such as banks.

    Also, suppose one enters his personal info on a bogus site: there is absolutely no way they could display proper account information. There would be (if they are clever) some sort of "service unavailable" message that should arouse suspicion.
     
    Last edited: Apr 27, 2005
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Two other solutions:

    1) Make a separate firewall rule for your Browser - HTTPS - Port 443 with a list of trusted addresses. Any attempt to go to another address via that port will bring up an Alert/Prompt.

    2) Before going to your banking or any other secure site where you do transactions, un-check your regular Browser rule. This will Alert/Prompt any outgoing attempt and you can check the IP address in the Alert box with your known one.

    Recently, I had an interesting experience with this. See my thread at
    https://www.wilderssecurity.com/showthread.php?p=442811

    ---
    Rmus
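
The address checks suggested in this thread (Acadia's hosts-file entries and Rmus's list of trusted addresses for port 443) can be automated by comparing what the resolver returns against a recorded known-good list. This is an added example, not part of any post; the hostnames and addresses are constructed placeholders, and `parse_pins`, `check` and the injectable `resolve` parameter are names chosen for the illustration.

```python
import ipaddress
import socket

# Constructed pin list in hosts-file format (placeholder names and
# documentation-range addresses, not real bank data).
SAMPLE_PINS = """\
# known-good addresses recorded from a trusted network
192.0.2.10    bank.example www.bank.example
192.0.2.11    www.bank.example          # second front end
2001:db8::10  bank.example
198.51.100.7  broker.example
"""

def parse_pins(text):
    """Parse hosts-format text into {hostname: set of ip_address objects}."""
    pins = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field
        for name in fields[1:]:
            pins.setdefault(name.lower().rstrip("."), set()).add(addr)
    return pins

def system_resolve(name):
    """Ask the OS resolver, which may consult the local hosts file and DNS."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def check(pins, resolve=system_resolve):
    """Return {hostname: sorted resolved addresses that are not pinned}."""
    alerts = {}
    for name, allowed in pins.items():
        try:
            # Drop any IPv6 zone suffix, then normalise before comparing.
            answers = {ipaddress.ip_address(a.split("%")[0]) for a in resolve(name)}
        except OSError:
            continue  # resolution failure is not a redirect
        unexpected = answers - allowed
        if unexpected:
            alerts[name] = sorted(str(a) for a in unexpected)
    return alerts

if __name__ == "__main__":
    for host, addrs in check(parse_pins(SAMPLE_PINS)).items():
        print(f"ALERT {host}: unpinned address(es) {', '.join(addrs)}")
```

A mismatch is only a prompt to investigate, since sites change addresses legitimately and a stale pin list will raise false alerts; the browser's certificate validation on the https connection, which trickyricky raises above, still has to succeed independently of this check.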
     