* Posts by Robert 36

7 publicly visible posts • joined 17 Jul 2009

ZeuS attacks mobiles in bank SMS bypass scam

Robert 36
Linux

It wasn't this one but an acquaintance had her bank account cleaned out

She did online banking and one day discovered she had a $10 balance when it should have been much more. The bank had sent all of her money to somewhere in Australia.

Haven't heard if she was successful in getting any kind of restitution but likely not since the route was probably through a key logger on her home PC.

These things happen and this sounds like it was targeting business bank accounts rather than personal.

Leexgx is right - RSA key fobs can help to make theft more difficult instead of using a communications channel that can be compromised. Luckily my bank offered them for free but they have made it much more limited (business customers) due to lack of interest. Regular customers (maybe businesses too) now have to pay for the RSA keys.

Windows malware dwarfs other viral threats

Robert 36
Alert

Never had a virus?

>Never had a virus on XP and now VISTA. Certainly never had one on Linux.

That you know about?

Trojan skewers security software with Windows

Robert 36
Alert

That you know of...

Arkasha says: "I can happily put my hand on my heart and say I have never had a virus, trojan or other malware infection on a single Windows, Linux or Mac desktop or server system I've been responsible for."

That you know of...

Linux IRC server leaves backdoor open

Robert 36
Alert

One Important Issue, Though

Even though the IRC server and trojan would run at reduced privilege, it does get the attacker's foot in the door and allows them to then probe and exploit other possible weaknesses to escalate to root. It gets them past any firewalls and on your system where there are potentially many more vulnerabilities.

Scareware slingers flaunt fake MS endorsement

Robert 36
Troll

Uh Microsoft - Those are http addresses...

Wouldn't https offer a bit more protection from this kind of exploit? I know it establishes a secure connection but doesn't it also validate a page? This is a kind of man in the middle attack and verifying the page is unmodified would block this, wouldn't it?

Or isn't there some way that a browser/server could checksum a complete page and report if it had been modified? That wouldn't help if the browser itself was compromised to not do such a thing?

Feds uncover 'bust out' scam that cost banks $80m

Robert 36
FAIL

@DEAR BANK MANAGER

You laugh but it actually happened.

http://www.nytimes.com/2009/02/21/nyregion/21scam.html?_r=1&ref=business

"In October, Citibank received two dozen faxed requests for money to be wired, and it transferred $27 million to accounts controlled by the conspirators in Japan, South Korea, Australia, China, Cyprus and the United States, the complaint says."

I saw some other reports that said Citi was able to stop at least some of the payments, but still...

Webcams, printers, gizmos - the untold net threats

Robert 36
Pirate

I actually do layer my home network - it's easy

I layer my home network and put web-accessible items one firewall in. There is protection from the Internet provided by the first router/firewall and protection for my NAS and desktops/laptop provided by the 2nd firewall. With Linksys WRT54GL wireless routers now selling around $50 (US), and 3rd party firmware like dd-wrt and Tomato, there really isn't an excuse for not layering protection.

But I agree - the people who don't know enough to configure routers and firewalls, port forwarding, etc, are in a world of hurt. I see way too many home "networks" that are their cable or DSL modem and a hub or router in default configuration with no security.