Interesting People mailing list archives

It seems that even "secure" financial transactions with Internet Explorer aren't safe


From: David Farber <dave () farber net>
Date: Tue, 06 Jul 2004 07:36:13 -0400



Begin forwarded message:

From: Tim Bishop <geodog () cyberdude com>
Date: July 6, 2004 4:56:09 AM EDT
To: dave () farber net
Cc: dgillmor () sjmercury com
Subject: It seems that even "secure" financial transactions with Internet Explorer aren't safe

 Dave,

 For IP if you want:

The latest exploit is a file called "img1big.gif" that decompresses into a malevolent Browser Helper Object (BHO) that captures your financial transactions. According to a report from SANS (http://isc.incidents.org/diary.php?date=2004-06-29), this BHO:


"watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries. When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to the script found at that location."

There are only two choices left with IE: Either don't browse the web with it, or don't use it for financial transactions.

Thank goodness there are choices like Mozilla (http://www.mozilla.org/products/mozilla1.x/), Firefox (http://www.mozilla.org/products/firefox/) and Opera (http://www.opera.com/), for those of us still chained to Windows.


 Thanks,
 Tim Bishop

 --
 email mailto://geodog () cyberdude com
 professional http://www.timbishop.com/
opinions http://tiltingatwindmills.com/
news links http://www.midnightblog.com/
local http://www.berkeleyblog.com/

"It ain't what you don't know that gets you,
 it's the things you know that ain't so"
-- Mark Twain
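
The behaviour described in the quoted SANS report (an HTTPS session to a financial site, then a plain-HTTP request to the drop script) can be looked for in web proxy logs. The following is an added example, not part of the original message or of the SANS report; the log format, the financial host names and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Drop URL quoted in the SANS report above.
DROP_HOST, DROP_PATH = "www.refestltd.com", "/cgi-bin/yes.pl"
# Assumption: placeholder hosts, not the list the BHO actually watches.
FINANCIAL_HOSTS = {"bank.example", "broker.example"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed proxy log, one request per line: "ISO-time client method target"
SAMPLE_LOG = """\
2004-07-06T09:00:01 10.0.0.5 CONNECT bank.example:443
2004-07-06T09:00:09 10.0.0.5 POST http://www.refestltd.com/cgi-bin/yes.pl
2004-07-06T09:01:00 10.0.0.7 GET http://www.mozilla.org/products/firefox/
2004-07-06T09:02:00 10.0.0.8 CONNECT broker.example:443
2004-07-06T09:05:30 10.0.0.9 GET http://WWW.REFESTLTD.COM/cgi-bin/yes.pl?x=1
malformed line
"""

def parse(line):
    """Return (time, client, method, target), or None for an unparsable line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2].upper(), parts[3]

def is_drop(method, target):
    """True for a plain-HTTP request to the reported drop script."""
    u = urlsplit(target)  # .hostname is lower-cased by urlsplit
    return (method != "CONNECT" and u.scheme == "http"
            and u.hostname == DROP_HOST and u.path == DROP_PATH)

def find_hits(log_text):
    """List (client, time, financial host seen just before, or None)."""
    last_https = {}  # client -> (time, host) of latest tunnel to a watched site
    hits = []
    for ts, client, method, target in filter(None, map(parse, log_text.splitlines())):
        if method == "CONNECT":
            host, _, port = target.rpartition(":")
            if port == "443" and host.lower() in FINANCIAL_HOSTS:
                last_https[client] = (ts, host.lower())
        elif is_drop(method, target):
            prev = last_https.get(client)
            after = prev[1] if prev and ts - prev[0] <= WINDOW else None
            hits.append((client, ts.isoformat(), after))
    return hits
```

Any hit means a client contacted the drop script; a non-empty third field marks the case where that happened right after an HTTPS session to a watched site, the pattern the report describes.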

Archives at: http://www.interesting-people.org/archives/interesting-people/

