Language Selection

English French German Italian Portuguese Spanish

Phishers Learn to Exploit VeriSign

Filed under
Security

Everyone knows not to believe everything they read on the Web. But things get sticky when a company whose main businesses is assuring the security of online transactions gives you assurances that don't hold up.

A few days ago, I received e-mail ostensibly from Bridgeport (Conn.)-based People's Bank, informing me of some security problem and asking me to click on a link and enter my account information. I get dozens of these phishing attempts, and when I see a new one, I'll often check it out. (Don't try this at home -- I use a special isolated computer to protect myself and my PC against the viruses, worms, and other nasties that these sites often attempt to download to a user's machine.)

VULNERABLE ARCHITECTURE. The e-mail had the usual giveaways to alert the wary. I'm not a customer of the bank. The link pointed to a numerical Internet address, not www.peoples.com, the bank's genuine site. And the bank's name was prominently misspelled "Peopel's" in one reference. Phishers have used the names of many banks and businesses in other phishing scams.

But the phony bank Web site the message linked to features a graphic of a VeriSign seal with the text "VeriSign Secure Site: Click to Verify." When I clicked on the seal, I got a page from a VeriSign server that announced in bold blue type: "PCB.PEOPLES.COM is a VeriSign Secure Site" and that its status was "valid." I had to read way down into the text on the page to be advised: "To ensure that this is a legitimate VeriSign Secure Site, make sure that the original URL of the site you are visiting comes from PCB.PEOPLES.COM" -- which, of course, it did not.

When I brought the matter to the attention of Mountain View (Calif.)-based VeriSign (VRSN ), Group Product Manager Tim Callan wrote in an e-mail: "This phisher has built his spoof on top of VeriSign's version 1 seal architecture. The version 1 architecture was conceived and created before phishing was a phenomenon, and so it was not designed with that attack in mind.

Full Story.

More in Tux Machines

Meet BOXER-6403, a Tiny Embedded PC That Runs Fedora Linux on Bay Trail

AAEON Technology Inc., a Taiwanese computer manufacturer, has recently introduces a new ultra-slim compact embedded computer that runs the Fedora Linux operating system on Bay Trail Intel Atom or Celeron processors. Read more

Important Linux Kernel Vulnerability Patched in All Supported Ubuntu OSes

In a recent security notice, dated May 5, Canonical announced the immediate availability of a new kernel update for all of its supported Ubuntu Linux operating systems, including Ubuntu 15.04 (Vivid Vervet), Ubuntu 14.10 (Utopic Unicorn), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin). Read more

An introduction to Linux from Opensource.com

What is Linux? For many this seems like a question with an obvious answer, but the truth is there are a large number of people who would shrug their shoulders. Many have never heard of Linux (gasp!) or aren't confident in their answer. Here at Opensource.com, we want to help answer that question in a manner that allows others pass it around and share it with the world. So, we created a new resource page which gently introduces Linux, the world's most popular open source operating system. Read more Also: Benefits of Linux Dedicated Servers

Latest NetworkManager Update Brings Support for 5GHz WiFi Networks

On May 5, Lubomir Rintel announced the immediate availability for download and upgrade of NetworkManager 1.0.2, the default utility for managing network connection under GNOME and GNOME-based desktop environments. Read more