-Caveat Lector- From: Tim Bishop <[EMAIL PROTECTED]> Date: July 6, 2004 4:56:09 AM EDT To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: It seems that even "secure" financial transactions with Internet Explorer aren't safe
Dave, For IP if you want: The latest exploit is a file called "img1big.gif" that decompresses into a malevolent Browser Helper Object (BHO) that captures your financial transactions. According to a report from SANS (http://isc.incidents.org/diary.php?date=2004-06-29), this BHO: "watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries. When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to the script found at that location." There are only two choices left with IE: Either don't browse the web with it, or don't use it for financial transactions. Thank goodness there are choices like Mozilla (http://www.mozilla.org/products/mozilla1.x/), Firefox (http://www.mozilla.org/products/firefox/) and Opera (http://www.opera.com/), for those of us still chained to Windows. Thanks, Tim Bishop -- email mailto://[EMAIL PROTECTED] professional http://www.timbishop.com/ opinions http://tiltingatwindmills.com/ news links http://www.midnightblog.com/ local http://www.berkeleyblog.com/ www.ctrl.org DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://www.mail-archive.com/[EMAIL PROTECTED]/ <A HREF="http://www.mail-archive.com/[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om