Thursday, February 26, 2009

Why it doesn't matter if you use SSL or not


Look, the average person doesn't know shit about internet security.

I don't know a lot of shit about internet security.

But SSL is THE secure way to use banking websites and other websites for your online transactions.

And you naively thought it was foolproof... oh, how little you know.

If you don't want to get your ass handed to you in identity theft land, you have to follow certain key tenets, like, for instance, never ever ever answer an email from your bank when it says "login here" to fix some bullshit issue. It's almost always a redirector website or a fake site designed like the real site.

The recent Black Hat DC 09 conference outlined exactly how SSL is hacked. See, it was hacked before, but then folks just took the attitude of "oh well use this instead". Now, in this article, you can see that the "this instead" method is now compromised. Here's another article about how the SSL domain jacking went from theory to practice.

So look, just be careful, learn how hackers fuck with your shit so when you see it, you know what it is and run. The article outlines pretty well how to tell when the sleight of hand happens and how your username/password gets picked. In many ways, it all starts out by faking the favicon, as above.

Plus, just stop using IE already. It sucks, it doesn't work. Neither, to a degree, does Safari. Use Firefox, Chrome or Opera and you'll be fine.

For more detailed dish on how fiends flip your shit, check out this PDF.
