SpyEye Trojan defeating online banking defenses - Computerworld

Robert Stratton bob at stratton.net
Thu Jul 28 08:26:58 CDT 2011


E-Trade Bank here in the U.S. will send you an RSA SecurID token - I think it's $25. Of course that particular company just suffered a breach and there is speculation that said breach facilitated break-ins of large defense contractors' networks. 

It's still better than nothing. Two simple habits that mitigate this stuff are to use a different browser for banking than other web activities, and to ALWAYS log out when you're done with your transactions. Cross-site request forgery has received a lot of attention, but it still works, depending on which browsers you use and how you have them configured. Once that authentication cookie is on your machine, it's fair game for all manner of other windows, including that 1x1 pixel iframe that you can't see. 

--Bob S.


----- Original Message -----
> My Bank has just sent me this little credit-card size device
> (attached). Every time I want log on to their internet Banking
> service I have to use the code it generates.
> I don't have millions in the bank (if only!) so it must cost next to
> nothing.
> The fight goes on ...
> 
> Brian
> G2KQ
> 
> ________________________________________
> From: tacos-bounces+hawes=herald.ox.ac.uk at amrad.org
> [tacos-bounces+hawes=herald.ox.ac.uk at amrad.org] On Behalf Of Andre
> Kesteloot [andre.kesteloot at verizon.net]
> Sent: 28 July 2011 02:10
> To: Tacos
> Subject: SpyEye Trojan defeating online banking defenses -
> Computerworld
> 
> SpyEye Trojan defeating online banking defenses
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> http://m.computerworld.com/s/article/9218645/SpyEye_Trojan_defeating_online_banking_defenses?source=CTWNLE_nlt_security_2011-07-27&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fs%2Ffeed%2Ftopic%2F142+%28Computerworld+Network+Security+News%29
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> https://amrad.org/mailman/listinfo/tacos
> 


More information about the Tacos mailing list