Comments on: Hacking Business Accounts http://www.cryptosmith.com/archives/687 Authentication, crypto, information security, and life with gadgets - Rick Smith Wed, 30 Jun 2010 12:30:42 +0000 hourly 1 http://wordpress.org/?v=abc By: Rick (l) Admin http://www.cryptosmith.com/archives/687/comment-page-1#comment-8208 Rick (l) Admin Fri, 24 Jul 2009 17:19:14 +0000 http://www.cryptosmith.com/?p=687#comment-8208 I have to say that the Bank of America phishers are pretty brazen - it's incredible to think they're telling people to install new public key certificates. The sad thing is that I know people will fall for it. Actually, though, that makes the attack really too complex. It gives forewarning of where the domain will be for the actual attack. I have to say that the Bank of America phishers are pretty brazen – it’s incredible to think they’re telling people to install new public key certificates.

The sad thing is that I know people will fall for it.

Actually, though, that makes the attack really too complex. It gives forewarning of where the domain will be for the actual attack.

]]> By: nides1 http://www.cryptosmith.com/archives/687/comment-page-1#comment-8207 nides1 Fri, 24 Jul 2009 02:41:48 +0000 http://www.cryptosmith.com/?p=687#comment-8207 Kudos to banks for implementing "multi-factor" security requiring both A. User name/password AND B. private key for authentication ... that one worked out well. ha.. I just had a computer forensic case come in last week that was exactly this.. Client's bank flagged 2 large wire transfers as fraudulent activity that almost wiped their account. They hire us to figure out the who/how/what @#$@ happened..! Make a long story short things turn into a malware analysis real quickly as I found a nasty little thing ~~ "9129837.exe" a trojan w/ root kit like characteristics. The phishing scheme that delivered the trojan was so advanced, the fake bank web site that prompted for the user/name password, actually validated the credentials against Verisign before it even bothered passing it along to the suspect!! Then it drops the executable (wiping some of its traces) scooping up digital signatures among some other goodies. If you ask me, based on what I have learned from you =) , this security is like putting the fresh made chocolate chip cookies and hundred dollar bills both in the same cookie jar.. then leaving the cover wide open. Kind of asking for it in my opinion. They need to incorporate other variables that are "outside of the jar" sort of speak. What happened to the good old RSA tokens.. ? http://garwarner.blogspot.com/2009/06/bank-of-america-digital-certificates.html [includes minor edit by blogger] Kudos to banks for implementing “multi-factor” security requiring both A. User name/password AND B. private key for authentication … that one worked out well. ha..

I just had a computer forensic case come in last week that was exactly this.. Client’s bank flagged 2 large wire transfers as fraudulent activity that almost wiped their account. They hire us to figure out the who/how/what @#$@ happened..! Make a long story short things turn into a malware analysis real quickly as I found a nasty little thing ~~ “9129837.exe” a trojan w/ root kit like characteristics.

The phishing scheme that delivered the trojan was so advanced, the fake bank web site that prompted for the user/name password, actually validated the credentials against Verisign before it even bothered passing it along to the suspect!! Then it drops the executable (wiping some of its traces) scooping up digital signatures among some other goodies.

If you ask me, based on what I have learned from you =) , this security is like putting the fresh made chocolate chip cookies and hundred dollar bills both in the same cookie jar.. then leaving the cover wide open. Kind of asking for it in my opinion. They need to incorporate other variables that are “outside of the jar” sort of speak. What happened to the good old RSA tokens.. ?

http://garwarner.blogspot.com/2009/06/bank-of-america-digital-certificates.html

[includes minor edit by blogger]

]]>