Mada R Perdhana <mrp....@gmail.com> writes:
How interesting. It looks pretty much like snake-oil, a scam intended to
scare folks who don't know much about security, to me.
The problems start with their lack of presence: the main bits of presence
are a FaceBook page, a twitter account, and a Yahoo Group with barely
coherent writing about their content.
They do, though, do the scam-focused thing: waffle vaguely about security
issues, claim (but not prove) they are more secure, then tell you that you
are a bad person if you don't instantly convince your friends to use their
software.
They do have an email address, apparently attached to some Google Apps
hosting, and a website with links to their 2008 security forum, and a copy of
the same information about security (eg: none) as their FaceBook page
provides.
They start with the *technical* issues by claiming that "techniques of
cracking the SSL implementation" are widespread, but provide no evidence about
what those techniques are - or why they are, for example, not being widely
reported since that would be huge security news.
If we generously assume that they mean that attackers are running software on
your machine to intercept content *without* having to violate the
cryptographic security of the SSL/TLS protocol then they have a huge burden of
proof in the form of demonstrating their software actually does anything.
Which, of course, they don't deliver.
Meanwhile, if we look to their writing on the facebook "page" they have some
excellent advice for you: you can keep the software safe by keeping the
original zip file around, and if you ever have a doubt (sic) you can just
extract the executable again.
Because, y'know, an attacker would never, ever think of being able to attack a
bit of software every time it ran, or to fiddle with an executable inside a
zip file. That would be, y'know, hard!
They also explain that in the next couple of versions they will be working to
fix security problems like hijacking of your laptop - so, y'know, if this
issue has not been addressed in this version then, hey, apparently our
generous assumption earlier was inaccurate.
They *can't* be claiming that they secure the system against local attacks,
leaving *only* that these hackers are breaking the SSL/TLS protocol. Oh,
well...
Their public don't help, either. The top hits contain claims like this:
As you know, break-ins money can through hypnosis, ATM card fraud, and
phishing. Phishing is a cunning technique to obtain sensitive information
while transacting through Internet Banking. They stole your information
such as the username, password, credit card numbers and so on-depending on
the form of phising
I know that one of my huge security concerns, which a secure web browser could
help with, is that I might be subject to hypnosis or ATM card fraud! Those
damn hackers and their hypnotic virus powers!
So, MRP: this looks convincingly like something that is at best snake-oil, and
at worst outright fraud. Care to respond?
Daniel
> Try XecureBrowser, it's a browser design for ibank transaction,
> protect from ssl injection or anything which relate with ibank crime
> type.
>
> regards,
> mrp
>
> On 11/10/10, Jeremy Visser <jer...@visser.name> wrote:
>> Jim Donovan said:
>>> Commonwealth opens extra windows but only logs off in one of them;
>>> you have to close the others by hand. Not that they will work after
>>> logoff but it's lousy security.
>>
>> I don't know what browser you use, but in Chromium I just typed
>> 'netbank.com.au', logged in, and not a single browser window was opened.
>> The NetBank interface just opened in the same browser window.
>>
>>
>
>
> --
> Linkedin : http://id.linkedin.com/in/mrpbpp
> PGP ID : 0xDC3A483A
> PGP Fingerprint : FCBE 697C 3C47 89D2 C28F 6C94 E607 7E99 DC3A 483A
> See http://www.keyserver.net or any PGP keyserver for public key
>
> "Never Trust an Operating System You don't have the Source for..."
> "Closed Source for device Driver are ILLEGAL and not Ethical... act!"
> "Isn't it, MS Windows a real multitasking OS?, Why? 'Cause It can boot and
> crash simultaneously!"
--
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
