[IP] It seems that even "secure" financial transactions with Internet Explorer aren't safe
Begin forwarded message:
From: Tim Bishop <geodog@xxxxxxxxxxxxx>
Date: July 6, 2004 4:56:09 AM EDT
To: dave@xxxxxxxxxx
Cc: dgillmor@xxxxxxxxxxxxx
Subject: It seems that even "secure" financial transactions with
Internet Explorer aren't safe
Dave,
For IP if you want:
The latest exploit is a file called "img1big.gif" that decompresses
into a malevolent Browser Helper Object (BHO) that captures your
financial transactions. According to a report from SANS
(http://isc.incidents.org/diary.php?date=2004-06-29), this BHO:
"watches for HTTPS (secure) access to URLs of several dozen banking and
financial sites in multiple countries. When an outbound HTTPS
connection is made to such a URL, the BHO then grabs any outbound
POST/GET data from within IE before it is encrypted by SSL. When it
captures data, it creates an outbound HTTP connection to
http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to
the script found at that location."
There are only two choices left with IE: Either don't browse the web
with it, or don't use it for financial transactions.
Thank goodness there are choices like Mozilla
(http://www.mozilla.org/products/mozilla1.x/), Firefox
(http://www.mozilla.org/products/firefox/) and Opera
(http://www.opera.com/), for those of us still chained to Windows.
Thanks,
Tim Bishop
--
email mailto://geodog@xxxxxxxxxxxxx
professional http://www.timbishop.com/
opinions http://tiltingatwindmills.com/
news links http://www.midnightblog.com/
local http://www.berkeleyblog.com/
"It ain't what you don't know that gets you,
it's the things you know that ain't so"
-- Mark Twain
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/