Language Selection

English French German Italian Portuguese Spanish

Phishers Learn to Exploit VeriSign

Filed under
Security

Everyone knows not to believe everything they read on the Web. But things get sticky when a company whose main businesses is assuring the security of online transactions gives you assurances that don't hold up.

A few days ago, I received e-mail ostensibly from Bridgeport (Conn.)-based People's Bank, informing me of some security problem and asking me to click on a link and enter my account information. I get dozens of these phishing attempts, and when I see a new one, I'll often check it out. (Don't try this at home -- I use a special isolated computer to protect myself and my PC against the viruses, worms, and other nasties that these sites often attempt to download to a user's machine.)

VULNERABLE ARCHITECTURE. The e-mail had the usual giveaways to alert the wary. I'm not a customer of the bank. The link pointed to a numerical Internet address, not www.peoples.com, the bank's genuine site. And the bank's name was prominently misspelled "Peopel's" in one reference. Phishers have used the names of many banks and businesses in other phishing scams.

But the phony bank Web site the message linked to features a graphic of a VeriSign seal with the text "VeriSign Secure Site: Click to Verify." When I clicked on the seal, I got a page from a VeriSign server that announced in bold blue type: "PCB.PEOPLES.COM is a VeriSign Secure Site" and that its status was "valid." I had to read way down into the text on the page to be advised: "To ensure that this is a legitimate VeriSign Secure Site, make sure that the original URL of the site you are visiting comes from PCB.PEOPLES.COM" -- which, of course, it did not.

When I brought the matter to the attention of Mountain View (Calif.)-based VeriSign (VRSN ), Group Product Manager Tim Callan wrote in an e-mail: "This phisher has built his spoof on top of VeriSign's version 1 seal architecture. The version 1 architecture was conceived and created before phishing was a phenomenon, and so it was not designed with that attack in mind.

Full Story.

More in Tux Machines

Ubuntu Touch to Get Improved Desktop Mode with Next Update

Canonical is preparing a major new update for Ubuntu Touch, but it will take a while until it's going to be ready. From the looks of it, the devs are preparing some interesting improvements and updates. Read more

Parsix GNU/Linux 7.0 Will Reach End of Life on June 14 to Make Room for Parsix 8.0

The Parsix Project has recently announced that their Parsix GNU/Linux 7.0 (Nestor) distribution will reach the end of its life support in the coming weeks, urging users to upgrade to Parsix GNU/Linux 7.5 (Rinaldo) as soon as possible. Read more

Leftovers: Software

  • 3 Open Source Python Shells
    Python is a high-level, general-purpose, structured, powerful, open source programming language that is used for a wide variety of programming tasks. It features a fully dynamic type system and automatic memory management, similar to that of Scheme, Ruby, Perl, and Tcl, avoiding many of the complexities and overheads of compiled languages. The language was created by Guido van Rossum in 1991, and continues to grow in popularity.
  • Google Chrome 44 (Dev) Brings Interesting New Features
  • CodeWeavers CrossOver 14.1.3 has been released
    I am delighted to announce that CodeWeavers has just released CrossOver 14.1.3 for both Mac OS X and Linux. CrossOver 14.1.3 has important bug fixes for both Mac and Linux users.

today's leftovers

  • Consumers Continue to Buy Chromebooks as Secondary PCs, Enterprise Still Uninterested
  • Video: LXD containers vs. KVM
    Since I'm such a big container fan (been using them on Linux since 2005) and I recently blogged about Docker, LXC, and OpenVZ... how could I pass up posting this? Some Canonical guys gave a presentation at the recent OpenStack Summit on "LXD vs. KVM". What is LXD? It is basically a management service for LXC that supposedly adds a lot of the features LXC was missing... and is much easier to use. For a couple of years now Canonical has shown an interest in LXC and has supposedly be doing a lot of development work around them. I wonder what specifically? They almost seem like the only company who is interested in LXC.. or at least they are putting forth a publicly noticeable effort around them.
  • Ubuntu's LXD vs. KVM For The Linux Cloud
    LXD is usable with Ubuntu 15.04 albeit not many have yet fully experimented with this new technology from Canonical given its early state. The LXD Linux container hypervisor allows for rapid provisioning, very fast performance, a REST API, and other functionality. If you're wishing to learn more about LXD, this week at the OpenStack Summit in Vancouver was a talk about LXD vs. KVM for Linux hypervisors.
  • Cloud Driving HP's Server Business Forward
    HP announced is second quarter fiscal 2015 earnings on May 21, with company executives enthusiastic about the company's upcoming split, and continued prospects in the cloud.
  • The Latest Linux Kernel Git Code Fixes The EXT4 RAID0 Corruption Problem
    An EXT4 file-system corruption problem was uncovered with Linux 4.0 that turned out to be an MD RAID0 issue with the Linux kernel in the latest stable series. This RAID corruption issue has now been fixed in the latest kernel Git code.
  • Interview with Mary Winkler
    LOVE the blending tools. I’m used to those of Paint Tool SAI, and finding a program whose brushes are far more customizable and can do more is digital art heaven. Especially an open source one!
  • Reminder: Evolving KDE survey milestone on May 31st
    Evolution is a powerful concept and tool. When harnessed properly, humans have been able to tailor and adapt crops and domesticate animals. We’ve been able to grow the Dutch unnecessarily tall and create beautiful and consequence-free theme parks as shown in the Jurassic Park documentary series on the BBC. However, when not monitored closely or left to nature’s own devices, the result is the terrifying land based sharks that have caused such recent devastation across most of Australia.
  • GNOME Shell It is!!
    It’s been a while since my last post, I was busy with my university exams and didn’t get much time to work on my GSoC project. But during whatever time I got I tried to get myself familiar with GNOME Shell coding style and get a hang of the way it works, since GNOME Shell is the main module I will be working with in this project. But things weren’t as simple as I initially thought them to be. It has been a struggle trying to find out some structured documentation for GNOME Shell code-base mainly the JavaScript part.
  • Attention Fedora 22 prerelease users
  • Fedora 21 chrooted on an aarch64 Nexus 9
    A while back I bought a Nexus 9, mainly because it has a weird processor that emulates a 64 bit ARM (aarch64). Google seem to have abandoned this platform entirely, just 6 months after I got it, so fuck you too Google. Anyway …
  • Meet SparkyLinux, a Debian-based Linux distribution
    SparkyLinux features customized lightweight desktops (like E19, LXDE and Openbox), multimedia plugins, selected sets of apps and own custom tools to ease different tasks.
  • Is Canonical going to have an IPO?
  • Mozilla shifts gears: $25 phones out, Android apps in
  • Linksys NSLU2 adventures into the NetBSD land passed through JTAG highlands - part 1
  • GCC 6 Gets Support For The IBM z13 Mainframe Server
    The latest GNU Compiler Collection code now has proper optimization targeting/tuning support for the IBM z13.
  • News for open source virtual reality, popular Linux game distros, and more