Online financial transactions? READ THIS

[Guest guest]

It's always better to PHONE if you like to buy via EFTS

 

 

- norgessen

september_eleven_vreeland

Wednesday, July 07, 2004 10:57 AM

[september_eleven_vreeland] Fwd: It seems that even "secure" financial transactions with Internet Explorer aren't safe

cia-drugs , roadsend@a... wrote:-Caveat Lector-Tim Bishop <geodog@c...>July 6, 2004 4:56:09 AM EDTdave@f...Cc: dgillmor@s...Subject: It seems that even "secure" financial transactions withInternet Explorer aren't safe Dave, For IP if you want: The latest exploit is a file called "img1big.gif" that decompressesinto a malevolent Browser Helper Object (BHO) that captures yourfinancial transactions. According to a report from SANS(http://isc.incidents.org/diary.php?date=2004-06-29), this BHO:"watches for HTTPS (secure) access to URLs of several dozen banking andfinancial sites in multiple countries. When an outbound HTTPSconnection is made to such a URL, the BHO then grabs any outboundPOST/GET data from within IE before it is encrypted by SSL. When itcaptures data, it creates an outbound HTTP connection tohttp://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data tothe script found at that location." There are only two choices left with IE: Either don't browse the webwith it, or don't use it for financial transactions. Thank goodness there are choices like Mozillahttp://www.mozilla.org/products/mozilla1.x/ , Firefoxhttp://www.mozilla.org/products/firefox/ ) and Operahttp://www.opera.com/ ) for those of us still chained to Windows. Thanks, Tim Bishop--- End forwarded message ---