funsec mailing list archives
Re: funsec Digest, Vol 2, Issue 9
From: Fred Cohen <fred.cohen () all net>
Date: Wed, 5 Oct 2005 10:02:32 -0700
Since there is no unsubscribe link - please unsubscribe me.

FC

On Oct 5, 2005, at 10:00 AM, funsec-request () linuxbox org wrote:

> Send funsec mailing list submissions to
>     funsec () linuxbox org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> or, via email, send a message with subject or body 'help' to
>     funsec-request () linuxbox org
>
> You can reach the person managing the list at
>     funsec-owner () linuxbox org
>
> When replying, please edit your Subject line so it is more specific than "Re: Contents of funsec digest..."
>
> Today's Topics:
>
>    1. Re: Nordea Sweden shuts Internet banking due to targeted phishing (Valdis.Kletnieks () vt edu)
>    2. Re: Book: "Spychips" Sees an RFID Conspiracy (Fergie (Paul Ferguson))
>    3. Re: Nordea Sweden shuts Internet banking due to targeted phishing (Dan Kaminsky)
>    4. Re: Nordea Sweden shuts Internet banking due to targeted phishing (Valdis.Kletnieks () vt edu)
>    5. Re: Nordea Sweden shuts Internet banking due to targeted phishing (Craig Webster)
>    6. Re: Book: "Spychips" Sees an RFID Conspiracy (Craig Webster)
>    7. Re: Nordea Sweden shuts Internet banking due to targeted phishing (Florian Weimer)
>    8. RE: Book: "Spychips" Sees an RFID Conspiracy (Discini, Sonny)
>    9. FTC sues company over spyware (Fergie (Paul Ferguson))
>   10. UK: Tsunami relief hacking case opens (Fergie (Paul Ferguson))
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 05 Oct 2005 11:01:53 -0400
> From: Valdis.Kletnieks () vt edu
> Subject: Re: [funsec] Nordea Sweden shuts Internet banking due to targeted phishing
> To: Drsolly <drsollyp () drsolly com>
> Cc: funsec () linuxbox org
> Message-ID: <200510051501.j95F1r3K005289 () turing-police cc vt edu>
> Content-Type: text/plain; charset="us-ascii"
>
> On Wed, 05 Oct 2005 15:48:32 BST, Drsolly said:
>> On Wed, 5 Oct 2005, Dan Kaminsky wrote:
>>> Banks could fix the phishing problem if they had the incentive. It isn't bad enough yet to make them want to fix it.
>>> Once we move to phishers with rootkits, it's kind of game over. Majority of hosts are infected with spyware, ya know.
>> You won't be able to rootkit the credit-card sized gizmo.
>
> You don't have to, if you can MITM the transaction. Wait for the user to hit the bank, read the challenge, snarf the gizmo's reply code as the user enters it. Then submit your *own* transaction, and then submit the user's transaction. That then complains about the code having been used already - but the damage is done.
>
> ------------------------------
>
> Message: 2
> Date: Wed, 5 Oct 2005 15:01:37 GMT
> From: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
> Subject: Re: [funsec] Book: "Spychips" Sees an RFID Conspiracy
> To: dan () doxpara com
> Cc: funsec () linuxbox org
> Message-ID: <20051005.080141.55.64702 () webmail11 lax untd com>
> Content-Type: text/plain
>
> Like what?
>
> - ferg
>
> -- Dan Kaminsky <dan () doxpara com> wrote:
>> RFID has much bigger problems than privacy.
>> --Dan
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg () netzero net or fergdawg () sbcglobal net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
> ------------------------------
>
> Message: 3
> Date: Wed, 05 Oct 2005 08:02:44 -0700
> From: Dan Kaminsky <dan () doxpara com>
> Subject: Re: [funsec] Nordea Sweden shuts Internet banking due to targeted phishing
> To: Drsolly <drsollyp () drsolly com>
> Cc: funsec () linuxbox org
> Message-ID: <4343EB14.5050303 () doxpara com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Drsolly wrote:
>> On Wed, 5 Oct 2005, Dan Kaminsky wrote:
>>> Banks could fix the phishing problem if they had the incentive. It isn't bad enough yet to make them want to fix it.
>>> Once we move to phishers with rootkits, it's kind of game over. Majority of hosts are infected with spyware, ya know.
>> You won't be able to rootkit the credit-card sized gizmo.
>
> Credit card sized gizmo has an insufficient UI.
>
> --Dan
>
> ------------------------------
>
> Message: 4
> Date: Wed, 05 Oct 2005 11:07:53 -0400
> From: Valdis.Kletnieks () vt edu
> Subject: Re: [funsec] Nordea Sweden shuts Internet banking due to targeted phishing
> To: Craig Webster <craig () xeriom net>
> Cc: funsec () linuxbox org, Blue Boar <BlueBoar () thievco com>
> Message-ID: <200510051507.j95F7rok005706 () turing-police cc vt edu>
> Content-Type: text/plain; charset="us-ascii"
>
> On Wed, 05 Oct 2005 15:14:25 BST, Craig Webster said:
>> This is only true so long as clients actually care about security and don't think "oh it'll never happen to me; I'll stick with my current bank because it's less hassle."
>
> And a lot of people managed to miss a point that Schneier keeps making: Security is about *tradeoffs*.
>
> I do business with a bank that's somewhat underclued in the e-security area, and admitted it when I went to talk to them about it. However, they'd have to be a *lot* more unclued than they are before their lack of clue on this one thing outweighed the benefits of my having done most of my banking there for the last 15 years - everything from them having more ATMs in the places I need them on a daily basis (and avoid a $2.50 charge each time) to the fact that in the last decade, none of the other banks with a presence around here has made a better offer for my business. Cheapest, most convenient, *and* most helpful - it's gonna take a lot to make me move. :)
>
> And defence in depth helps here too - my bank is a bit weak on the e-security side, but they've called me several times when they've spotted an anomalous transaction (turned out each time I'd done something truly oddball compared to my usual business pattern - but they did in fact notice the oddness..)
>
> ------------------------------
>
> Message: 5
> Date: Wed, 5 Oct 2005 16:14:15 +0100
> From: Craig Webster <craig () xeriom net>
> Subject: Re: [funsec] Nordea Sweden shuts Internet banking due to targeted phishing
> To: Valdis.Kletnieks () vt edu
> Cc: funsec () linuxbox org, Blue Boar <BlueBoar () thievco com>
> Message-ID: <20051005151415.GI12270 () xeriom net>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
>> Cheapest, most convenient, *and* most helpful - it's gonna take a lot to make me move. :)
>
> <argh> It'd take very little to make me move and as far as I'm aware my bank has fairly tight security and I haven't seen even one phishing scam relating to it. Nice and secure, ATMs everywhere, cheap, evil little sods that charge me at every possible opportunity, screw up basic things like changing the date on a standing order, enjoy being as unhelpful as possible when it comes to direct debits, lock me out of telephone banking for giving the correct password and look down their noses at me whenever I go into the branch. Can you tell that I love my bank? And yet, as far as I'm aware they're the best bank for me. I don't really care about security at this moment in time -- I want customer service, I want access to advisors and I want trained staff! </argh>
>
> Yours,
> Craig
>
> --
> Craig Webster | web: http://xeriom.net/
> Xeriom.NET    | tel: +44 (0)131 516 8595
>
> ------------------------------
>
> Message: 6
> Date: Wed, 5 Oct 2005 16:15:52 +0100
> From: Craig Webster <craig () xeriom net>
> Subject: Re: [funsec] Book: "Spychips" Sees an RFID Conspiracy
> To: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
> Cc: funsec () linuxbox org
> Message-ID: <20051005151552.GJ12270 () xeriom net>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
>> Like what?
>
> Well it tastes pretty bad...
>
> Craig
>
> --
> Craig Webster | web: http://xeriom.net/
> Xeriom.NET    | tel: +44 (0)131 516 8595
>
> ------------------------------
>
> Message: 7
> Date: Wed, 05 Oct 2005 17:21:08 +0200
> From: Florian Weimer <fw () deneb enyo de>
> Subject: Re: [funsec] Nordea Sweden shuts Internet banking due to targeted phishing
> To: funsec () linuxbox org
> Message-ID: <87zmpogfbv.fsf () mid deneb enyo de>
> Content-Type: text/plain; charset=us-ascii
>
> * Steven Champeon:
>> on Wed, Oct 05, 2005 at 11:34:02AM +0200, Florian Weimer wrote:
>>> * Justin Mason:
>>>> - Adam Shostack's _Preserving the Internet Channel Against Phishers_, http://www.homeport.org/~adam/phishing.html , in which he gives 4 simple steps that *will* fix the problem.
>>> What is the problem? "Phishing" or online fraud?
>> The problem is that Bank X uses Service Y to send its email.
>
> This doesn't answer my question because outsourcing your bulk mailings certainly isn't a security problem in itself.
>
> Maybe it's time for a little poll. Who has heard of "PWSteal", "Bancos" or "ASH"?
>
> ------------------------------
>
> Message: 8
> Date: Wed, 5 Oct 2005 11:49:21 -0400
> From: "Discini, Sonny" <Sonny.Discini () montgomerycountymd gov>
> Subject: RE: [funsec] Book: "Spychips" Sees an RFID Conspiracy
> To: "Fergie \(Paul Ferguson\)" <fergdawg () netzero net>, <funsec () linuxbox org>
> Message-ID: <066F402A7185F04E8B7506F582E00E8902E29E7F () mcg-ex02 mcgov org>
> Content-Type: text/plain; charset="us-ascii"
>
> Fergie Wrote:
>> I enjoy a good conspiracy theory as much as the next guy. ;-)
>>
>> Via Wired News:
>>
>> [snip]
>>
>> A new book by privacy advocates makes the case that corporations and government agencies are in collusion to put tiny radio transmitters on nearly everything we buy. Companies say it's about providing thought leadership, not the Mark of the Beast.
>>
>> Katherine Albrecht and Liz McIntyre hope to become the twin Erin Brockoviches of RFID, by revealing the threat posed by the radio tag replacements for barcode labels. They may get their wish, if readers believe the conclusions of the privacy advocates' new book, "Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID".
>>
>> Albrecht and McIntyre make a staggering accusation in Spychips: that Philips, Procter and Gamble, Gillette, NCR and IBM are conspiring with each other and the federal government to follow individual consumers everywhere, using embedded radio tags planted in their clothing and belongings.
>>
>> [snip]
>>
>> http://wired-vig.wired.com/news/technology/0,1282,69068,00.html
>>
>> - ferg
>
> Interesting. When I opened a pack of Gillette razors the other day, indeed I found an RFID chip inside. I knew those bastards were up to something when I signed up for that shopping bonus card! ;-)
>
> Sonny Discini, Senior Network Security Engineer
> Department of Technology Services
> Enterprise Infrastructure Division
> Montgomery County Government
>
> ------------------------------
>
> Message: 9
> Date: Wed, 5 Oct 2005 16:36:37 GMT
> From: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
> Subject: [funsec] FTC sues company over spyware
> To: funsec () linuxbox org
> Message-ID: <20051005.093656.55.66532 () webmail11 lax untd com>
> Content-Type: text/plain
>
> Via C|Net News:
>
> [snip]
>
> The Federal Trade Commission announced on Wednesday that it has sued a company it says secretly installed spyware and adware purporting to be peer-to-peer file sharing software. The company offered claims such as "Download music without fear," and "Don't let the record companies win," but in reality did things like rewriting search engine results and generating pop-up ads, the agency said.
>
> Wednesday's announcement seems to be an effort to stave off possible enforcement-related criticism from Congress, which is holding a hearing on the topic later in the day.
>
> The defendant in the case is Odysseus Marketing of New Hampshire, whose ClientMan program is listed in Computer Associates' spyware encyclopedia.
>
> [snip]
>
> C|Net article:
> http://news.com.com/FTC+sues+company+over+spyware/2110-7348_3-5889202.html
>
> FTC announcement:
> http://www.ftc.gov/opa/2005/10/odysseus.htm
>
> - ferg
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg () netzero net or fergdawg () sbcglobal net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
> ------------------------------
>
> Message: 10
> Date: Wed, 5 Oct 2005 16:50:46 GMT
> From: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
> Subject: [funsec] UK: Tsunami relief hacking case opens
> To: funsec () linuxbox org
> Message-ID: <20051005.095124.55.66813 () webmail11 lax untd com>
> Content-Type: text/plain
>
> Here's a story with an interesting twist. Although additional details are sketchy, it will be interesting to see what details become available and how this case ends up.
>
> Via The Register:
>
> [snip]
>
> Horseferry Road Magistrates Court has heard the first day of evidence against the East London man accused of hacking into a donations site for the tsunami appeal last December.
>
> Daniel James Cuthbert, 28, of Whitechapel, London, is accused of breaches of Section One of the Computer Misuse Act, 1990, on the afternoon of New Year's Eve, 2004. He had earlier pleaded not guilty.
>
> Cuthbert is accused of attempting a directory traversal attack on the donate.bt.com site which handles credit card payments on behalf of the Disasters Emergency Committee.
>
> Giving evidence on his own behalf, Cuthbert, at times near tears, said he had made a £30 donation to the site, after clicking on a banner advert. Because he received no final thank you or confirmation page he became concerned it may have been a phishing site, so he carried out two tests to check the security of the site.
>
> The case continues tomorrow.
>
> [snip]
>
> http://www.theregister.co.uk/2005/10/05/dec_case/
>
> - ferg
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg () netzero net or fergdawg () sbcglobal net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
> ------------------------------
>
> _______________________________________________
> funsec mailing list
> funsec () linuxbox org
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>
> End of funsec Digest, Vol 2, Issue 9
> ************************************

-- This communication is confidential to the parties it is intended to serve --

Security Posture              securityposture.com   tel/fax
University of New Haven       unhca.com             925-454-0171
Fred Cohen & Associates       all.net               572 Leona Drive
Security Management Partners  policygeeks.com       Livermore, CA 94550

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
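A constructed illustration of the MITM point Valdis makes in Message 1 of the quoted digest, added here and not part of the thread: a one-time code that depends only on the bank's challenge is valid for whatever transaction reaches the bank first, while a code that also covers the amount and payee is only valid for the transaction the user intended. The HMAC-based token, the demo key and the two transactions are assumptions made for the demonstration, not anything Nordea or any real token does.

```python
import hashlib
import hmac
import secrets

# Constructed demo key shared by bank and token; not a real secret.
TOKEN_KEY = b"constructed-demo-key"


def token_code(key, challenge, tx=None):
    """Code the token displays. With tx=None it depends on the bank's challenge
    only (the scheme the thread discusses); otherwise the amount and payee are
    mixed in, so the code is valid for exactly one transaction."""
    msg = challenge
    if tx is not None:
        msg += b"|%d|%s" % (tx["amount"], tx["payee"].encode())
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]


class Bank:
    """Minimal bank-side verifier: one live challenge, codes are single-use."""

    def __init__(self, bind_to_tx):
        self.bind_to_tx = bind_to_tx
        self.challenge = b""
        self.used_codes = set()

    def new_challenge(self):
        self.challenge = secrets.token_bytes(8)
        return self.challenge

    def submit(self, tx, code):
        if code in self.used_codes:
            return "rejected: code already used"
        expected = token_code(TOKEN_KEY, self.challenge,
                              tx if self.bind_to_tx else None)
        if not hmac.compare_digest(code, expected):
            return "rejected: bad code"
        self.used_codes.add(code)
        return "accepted"


def mitm_scenario(bind_to_tx):
    """The thread's scenario: a relay between user and bank sees the code the
    user types for their own transfer, submits a different transfer with it
    first, then forwards the user's. Returns (attacker, user) outcomes."""
    bank = Bank(bind_to_tx)
    user_tx = {"amount": 50, "payee": "electric-co"}         # constructed
    attacker_tx = {"amount": 5000, "payee": "mule-account"}  # constructed
    challenge = bank.new_challenge()                         # relayed as-is
    code = token_code(TOKEN_KEY, challenge, user_tx if bind_to_tx else None)
    return bank.submit(attacker_tx, code), bank.submit(user_tx, code)
```

With the challenge-only code the relayed transfer is accepted and the user's own is refused as "already used", exactly the symptom described in the thread; binding the code to amount and payee reverses both outcomes. Binding only helps if the token itself shows the user the amount and payee it is signing, which is the UI limitation Dan raises in Message 3.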