[ale] OT: online banking hack

Raju mr at 4securenet.com
Mon May 12 20:57:25 EDT 2003


Seconded :-). Maybe a Mozilla plugin, or it could help Mozilla be a more
secure browser by integrating it into the core code itself and providing the
option to monitor the domains you would like to watch for any IP/DNS
changes...

--Raju


> That probably wouldn't be a bad feature to add to a browser (like
> Mozilla).  A domain/IP checking icon that verifies that the domain you
> enter "statistically" refers to the IP address (or addresses) that are
> proven "valid".  For purposes of banking (I bank at Merrill Lynch and
> always hit the same IP), it could be a very useful feature.  Heck, they
> could even have a configuration option to only monitor certain domain/ip
> combinations.
>
> -CB
>
>
>
> Raju wrote:
>
> |This looks like a similar technique used by a few blackhats in Germany
> |about four years ago. They were able to hijack domains of several banks
> |(I still think Domain registration and control uses poor
> |authentication - at least use GPG sigs, or certs, etc. for better
> |security). The traffic was redirected to a different site that looked
> |identical to the bank's and the user was prompted for any interesting
> |information to the blackhat. After the information was harvested, an
> |arbitrary error message was given and then redirected to the "real"
> |online banking site. The unaware user ignores the message and enters
> |the information again ...VOILA...it works now :)
> |
> |1. How many actually make sure that IP address matches the correct
> |Domain Name when we enter a URL?
> |
> |2. This was an example of exploiting the weakest link in security,
> |namely us Humans..:-)
> |
> |Regards,
> |
> |--Raju.
> |
> |
> |>Jim, you might want to escalate this and send the message (with
> |>headers, etc) on to the FBI.gov and DHS.gov sites.  Maybe I'm being
> |>paranoid here, but these days, a company like the Bank of America
> |>would be an extremely tempting target for terrorists and the like.  If
> |>for no other reason than that it contains the name "America" (and
> |>Bank) - two of the things that terrorist freaks seem to have a
> |>distaste for.  If I'm not mistaken most of the airlines that were used
> |>on Sept. 11th were "American" Airlines.  Anyway, the point is that I
> |>think that you should forward the information on to DHS.gov / FBI.gov.
> |>In fact, I'd like to request that you do so as a favor for me.
> |>
> |>Best Regards,
> |>CB
> |>
> |>
> |>Jim Philips wrote:
> |>
> |>|Today I got an e-mail from Bank of America requesting that I go to
> |>|their server and log on to online banking. The e-mail provided a link
> |>|I could use for calling up the logon page. The problem is that I
> |>|don't have an account with Bank of America. The link showed up in the
> |>|e-mail as https, but when you click on it, you get an http page with
> |>|only an IP address. This is a naked attempt to fool people into giving
> |>|up their logins and passwords for online banking. I called Bank of
> |>|America and forwarded the e-mail (which was caught and flagged by
> |>|Spamassassin). Apparently, a whole batch of these went out today
> |>|about 1 o'clock.
> |>|_______________________________________________
> |>|Ale mailing list
> |>|Ale at ale.org
> |>|http://www.ale.org/mailman/listinfo/ale





_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
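
The domain/IP check proposed in this thread, sketched as an added example (not code from any poster or from Mozilla). `DomainWatch`, `min_seen` and the `bank.example` answers are hypothetical, and "statistically valid" is read here as an address seen at least `min_seen` times.

```python
import socket
from collections import Counter, defaultdict

def resolve(domain):
    """Return the set of addresses the system resolver gives for domain."""
    infos = socket.getaddrinfo(domain, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

class DomainWatch:
    """Track which IPs each watched domain resolves to and flag new ones."""

    def __init__(self, watched, min_seen=3, resolver=resolve):
        self.watched = {d.lower().rstrip(".") for d in watched}
        self.min_seen = min_seen          # sightings before an IP counts as valid
        self.resolver = resolver
        self.seen = defaultdict(Counter)  # domain -> Counter of IP sightings

    def trusted(self, domain):
        return {ip for ip, n in self.seen[domain].items() if n >= self.min_seen}

    def check(self, domain):
        """Resolve domain and return (verdict, unexpected_ips)."""
        domain = domain.lower().rstrip(".")
        if domain not in self.watched:    # only configured domains are monitored
            return "unwatched", set()
        ips = set(self.resolver(domain))
        trusted = self.trusted(domain)
        if not trusted:                   # still building a baseline
            self.seen[domain].update(ips)
            return "learning", set()
        unexpected = ips - trusted
        if unexpected:
            # Do not learn from a suspicious answer; the user must confirm first.
            return "changed", unexpected
        self.seen[domain].update(ips)
        return "ok", set()

def demo():
    # Constructed answers for a hypothetical domain (documentation address ranges).
    answers = iter([{"192.0.2.10"}] * 4 + [{"203.0.113.66"}])
    watch = DomainWatch(["bank.example"], resolver=lambda d: next(answers))
    return [watch.check("bank.example") for _ in range(5)]

if __name__ == "__main__":
    for verdict, extra in demo():
        print(verdict, sorted(extra))
```

Sites behind load balancers or CDNs rotate addresses, so a "changed" verdict is a prompt to verify the site by other means rather than proof of a hijack.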




