Navigation

Language Selection

Search

Phishers Learn to Exploit VeriSign

Submitted by srlinuxx on Monday 23rd of May 2005 07:13:16 AM Filed under

Security

Everyone knows not to believe everything they read on the Web. But things get sticky when a company whose main businesses is assuring the security of online transactions gives you assurances that don't hold up.

A few days ago, I received e-mail ostensibly from Bridgeport (Conn.)-based People's Bank, informing me of some security problem and asking me to click on a link and enter my account information. I get dozens of these phishing attempts, and when I see a new one, I'll often check it out. (Don't try this at home -- I use a special isolated computer to protect myself and my PC against the viruses, worms, and other nasties that these sites often attempt to download to a user's machine.)

VULNERABLE ARCHITECTURE. The e-mail had the usual giveaways to alert the wary. I'm not a customer of the bank. The link pointed to a numerical Internet address, not www.peoples.com, the bank's genuine site. And the bank's name was prominently misspelled "Peopel's" in one reference. Phishers have used the names of many banks and businesses in other phishing scams.

But the phony bank Web site the message linked to features a graphic of a VeriSign seal with the text "VeriSign Secure Site: Click to Verify." When I clicked on the seal, I got a page from a VeriSign server that announced in bold blue type: "PCB.PEOPLES.COM is a VeriSign Secure Site" and that its status was "valid." I had to read way down into the text on the page to be advised: "To ensure that this is a legitimate VeriSign Secure Site, make sure that the original URL of the site you are visiting comes from PCB.PEOPLES.COM" -- which, of course, it did not.

When I brought the matter to the attention of Mountain View (Calif.)-based VeriSign (VRSN ), Group Product Manager Tim Callan wrote in an e-mail: "This phisher has built his spoof on top of VeriSign's version 1 seal architecture. The version 1 architecture was conceived and created before phishing was a phenomenon, and so it was not designed with that attack in mind.

Full Story.

More in Tux Machines

Linux/FOSS Events

The Linux Foundation Announces Session Lineup for ApacheCon(TM) Europe
OpenShift Commons Gathering event preview

We're just two months out from the OpenShift Commons Gathering coming up on November 7, 2016 in Seattle, Washington, co-located with KubeCon and CloudNativeCon. OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. And we're excited to say, the 1.3 GA release of OpenShift Origin, which includes Kubernetes 1.3, is out the door! Hear more about the release from Lead Architect for OpenShift Origin, Clayton Coleman.

Security News

Report: Linux security must be upgraded to protect future tech

The summit was used to expose a number of flaws in Linux's design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it's also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
security things in Linux v4.6

Hector Marco-Gisbert removed a long-standing limitation to mmap ASLR on 32-bit x86, where setting an unlimited stack (e.g. “ulimit -s unlimited“) would turn off mmap ASLR (which provided a way to bypass ASLR when executing setuid processes). Given that ASLR entropy can now be controlled directly (see the v4.5 post), and that the cases where this created an actual problem are very rare, means that if a system sees collisions between unlimited stack and mmap ASLR, they can just adjust the 32-bit ASLR entropy instead.

Raspberry Pi PIXEL and More Improvements

Trainline creates open source platform to help developers deploy apps and environments in AWS

Trainline creates open source platform to help developers deploy apps and environments in AWS

The Trainline, the independent rail ticket retailer, has created an open sourced standardised way for its developers to deploy and manage individual applications and environments in Amazon Web Services' public cloud. The company has 150 staff in its development area, who focus on improving user experience, and in order to ensure that its underlying infrastructure wasn't a constraint on time to market, the firm recently migrated all of its development, staging, UAT and production environments from a legacy private data centre to Amazon's public cloud.
Trainline creates open source platform to let developers test apps in AWS

Latest News

Wine 1.9.20

Wine Announcement

The Wine development release 1.9.20 is now available.
Wine 1.9.20 Has New Clipboard API Reimplementation

- Wine 1.9.20 is now available as the latest bi-weekly development release of this cross-platform program to run Windows programs/games on other operating systems.

Today in Techrights

today's leftovers

Windows vs. Linux vs. Mac: the channel comparison

Linux is open source meaning you can customise and modify the code any which way you like. This flexibility has made the system hugely popular amongst the developer community. This is not the same in Windows and Mac. Neither the Windows and Mac programmes nor the operating systems are open source. So there we have it, three entirely different operating systems offering unique experiences that can meet the differing demands of the modern user, whilst offering unique opportunities throughout the channel. So the real question now is, are you a Mac Linux or Windows user?
How to install and run Dropbox from a headless Linux server
Red Hat Inc. (NYSE:RHT) Receives $88.33 Consensus Target Price from Brokerages
Pay Close Attention To These Analyst Ratings Red Hat Inc (NYSE:RHT), Oracle Corp. (NYSE:ORCL)
Mintbox Mini Pro: A Cheap Linux Machine With Compelling Specs

The Mintbox Mini has been received a major hardware upgrade and it is now called Mintbox Mini Pro. The Linux machine comes at a price of $395 and features an all-metal casing which eliminates the need for a cooling fan. Significant bumps having been given to the storage, RAM, processor, wireless, and other hardware components.
Android Circuit: Note 7 Nightmare Haunts Samsung, Goodbye Faithful BlackBerry, New Galaxy S8 Leaks
Google is finally kicking out unsupported cards from Android Pay in mid-October, causing people to freak out
Yahoo open-sources machine learning porn filter

Yahoo is the latest tech company to open source its computer vision code. The beleaguered outfit's application for it? Filtering porn. Yahoo hopes that its convolutional neural net (CNN) will empower others to better guard innocent eyes, but admits that because of the tech's very nature (and how the definition of "porn" can vary wildly), that the CNN isn't perfect. "This model is a general purpose reference model, which can be used for the preliminary filtering of pornographic images," a post on the Yahoo Engineering Tumblr says. "We do not provide guarantees of accuracy of output, rather, we make this available for developers to explore and enhance as an open source project." The code is available on Github at the moment, and if you need any testing material, well, there isn't exactly a shortage of it on Tumblr. Just ask Indonesia.
Top Microsoft Open Source Projects You Must Know [Ed: when this site isn’t just plagiarising legit news sites it actually engages in Microsoft openwashing and promotion]
A $5 Linux server, open source software in China, and more news

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Tux Machines is proud to be hosted by

Support Tux Machines

Help Support TM
Wall of Appreciation

Linux Gizmos

Linux Today

LinuxSecurity.com Advisories

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

Linux.com

Web Upd8

DW Latest Releases

Phoronix

Content available under CC-BY-SA