[ale] OT: online banking hack

Christopher Bergeron christopher at bergeron.com
Mon May 12 20:48:38 EDT 2003


That probably wouldn't be a bad feature to add to a browser (like 
Mozilla).  A domain/IP checking icon that verifies that the domain you 
enter "statistically" refers to the IP address (or addresses) that are 
proven "valid".  For purposes of banking (I bank at Merrill Lynch and 
always hit the same IP), it could be a very useful feature.  Heck, they 
could even have a configuration option to only monitor certain domain/ip 
combinations.

-CB
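An added illustration of the domain/IP check proposed above, combined with the https-display-versus-http-IP link mismatch described further down the thread. This is example code written for this page, not code from anyone in the thread; it assumes a user-maintained table of pinned domain-to-IP sets (constructed sample addresses, not real bank IPs) and takes the resolved IP as an input rather than performing DNS itself.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed pin store: domains the user banks with and the addresses
# historically observed for them (sample values from documentation ranges).
PINNED = {
    "www.ml.com": {"192.0.2.10", "192.0.2.11"},
    "www.bankofamerica.com": {"198.51.100.5"},
}


def check_link(display_text, href, resolved_ip, pins=PINNED):
    """Return a list of warnings for a link the user is about to follow.

    display_text: the link text shown in the e-mail or page
    href:         the actual target URL behind the link
    resolved_ip:  the address the browser resolved href's host to (string)
    pins:         mapping of watched domain -> set of known-good IP strings
    """
    warnings = []
    shown = urlparse(display_text) if "://" in display_text else None
    target = urlparse(href)
    host = target.hostname or ""

    # 1. Link text is shown as https but the real target is not https.
    if shown and shown.scheme == "https" and target.scheme != "https":
        warnings.append("displayed as https but target is " + target.scheme)

    # 2. Link text names one host but the target points somewhere else.
    if shown and shown.hostname and shown.hostname != host:
        warnings.append(f"displayed host {shown.hostname} != target host {host}")

    # 3. Target is a bare IP address rather than a domain name.
    try:
        ipaddress.ip_address(host)
        warnings.append("target is a bare IP address, not a domain name")
    except ValueError:
        pass  # host is a name (or empty), not an IP literal

    # 4. A watched domain resolved to an address never pinned for it
    #    (catches a hijacked registration or poisoned DNS, not just bad links).
    if host in pins and resolved_ip not in pins[host]:
        warnings.append(f"{host} resolved to unpinned address {resolved_ip}")

    return warnings
```

Only domains present in the pin table are subject to check 4, which is the "monitor certain domain/ip combinations" option; everything else still gets the link-consistency checks.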



Raju wrote:

|This looks like a similar technique used by a few blackhats in Germany
|about four years ago. They were able to hijack domains of several banks (I
|still think Domain registration and control uses poor authentication -
|at least use GPG sigs, or certs, etc for better security).  The traffic
|was redirected to a different site that looked identical to the bank's and
|the user was prompted for any interesting information to the blackhat.
|After the information was harvested, an arbitrary error message was given
|and then redirected to the "real" online banking site. The unaware user
|ignores the message and enters the information again ...VOILA...it works
|now :)
|
|1. How many actually make sure that IP address matches the correct Domain
|Name when we enter a URL?
|
|2. This was an example of exploiting the weakest link in security, namely
|us Humans..:-)
|
|Regards,
|
|--Raju.
|
|
|>Jim, you might want to escalate this and send the message (with headers,
|> etc) on to the FBI.gov and DHS.gov sites.  Maybe I'm being paranoid
|>here, but these days, a company like the Bank of America would be an
|>extremely tempting target for terrorists and the like.  If for no other
|>reason than that it contains the name "America" (and Bank) - two of the
|>things that terrorist freaks seem to have a distaste for.  If I'm not
|>mistaken most of the airlines that were used on Sept. 11th were
|>"American" Airlines.  Anyway, the point is that I think that you should
|>forward the information on to DHS.gov / FBI.gov.  In fact, I'd like to
|>request that you do so as a favor for me.
|>
|>Best Regards,
|>CB
|>
|>
|>Jim Philips wrote:
|>
|>|Today I got an e-mail from Bank of America requesting that I go to their
|>|server and log on to online banking. The e-mail provided a link I could use
|>|for calling up the logon page. The problem is that I don't have an account
|>|with Bank of America. The link showed up in the e-mail as https, but when you
|>|click on it, you get an http page with only an IP address. This is a naked
|>|attempt to fool people into giving up their logins and passwords for online
|>|banking. I called Bank of America and forwarded the e-mail (which was caught
|>|and flagged by Spamassassin). Apparently, a whole batch of these went out
|>|today about 1 o'clock.
|>|_______________________________________________
|>|Ale mailing list
|>|Ale at ale.org
|>|http://www.ale.org/mailman/listinfo/ale
