Language Selection

English French German Italian Portuguese Spanish

Phishers Learn to Exploit VeriSign

Submitted by srlinuxx on Monday 23rd of May 2005 07:13:16 AM Filed under
Security

Everyone knows not to believe everything they read on the Web. But things get sticky when a company whose main businesses is assuring the security of online transactions gives you assurances that don't hold up.

A few days ago, I received e-mail ostensibly from Bridgeport (Conn.)-based People's Bank, informing me of some security problem and asking me to click on a link and enter my account information. I get dozens of these phishing attempts, and when I see a new one, I'll often check it out. (Don't try this at home -- I use a special isolated computer to protect myself and my PC against the viruses, worms, and other nasties that these sites often attempt to download to a user's machine.)

VULNERABLE ARCHITECTURE. The e-mail had the usual giveaways to alert the wary. I'm not a customer of the bank. The link pointed to a numerical Internet address, not www.peoples.com, the bank's genuine site. And the bank's name was prominently misspelled "Peopel's" in one reference. Phishers have used the names of many banks and businesses in other phishing scams.

But the phony bank Web site the message linked to features a graphic of a VeriSign seal with the text "VeriSign Secure Site: Click to Verify." When I clicked on the seal, I got a page from a VeriSign server that announced in bold blue type: "PCB.PEOPLES.COM is a VeriSign Secure Site" and that its status was "valid." I had to read way down into the text on the page to be advised: "To ensure that this is a legitimate VeriSign Secure Site, make sure that the original URL of the site you are visiting comes from PCB.PEOPLES.COM" -- which, of course, it did not.

When I brought the matter to the attention of Mountain View (Calif.)-based VeriSign (VRSN ), Group Product Manager Tim Callan wrote in an e-mail: "This phisher has built his spoof on top of VeriSign's version 1 seal architecture. The version 1 architecture was conceived and created before phishing was a phenomenon, and so it was not designed with that attack in mind.

Full Story.

»

More in Tux Machines

Games and Software Leftovers

  • Golem 0.6.0 released for Ubuntu, macOS, and Windows
    Golem Project, creator of the first global market for idle computer power today announced it released Golem 0.6.0 for Ubuntu, macOS, and Windows. The team stated that the majority of changes are not directly visible to the user, but there are a few noteworthy modifications.
  • Stardock CEO asking to see interest in Ashes of the Singularity: Escalation on Linux with Vulkan
    Ashes of the Singularity: Escalation [GOG][Steam][Official Site] will come to Linux if Stardock see enough requests for it. The CEO of Stardock has requested to see how much interest there is.
  • Chrome won

    The chart above shows the percentage market share of the 4 major browsers over the last 6 years, across all devices. The data is from StatCounter and you can argue that the data is biased in a bunch of different ways, but at the macro level it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated.

  • Mailman 3.1.0 released
    The 3.1.0 release of the Mailman mailing list manager is out. "Two years after the original release of Mailman 3.0, this version contains a huge number of improvements across the entire stack. Many bugs have been fixed and new features added in the Core, Postorius (web u/i), and HyperKitty (archiver). Upgrading from Mailman 2.1 should be better too. We are seeing more production sites adopt Mailman 3, and we've been getting great feedback as these have rolled out. Important: mailman-bundler, our previous recommended way of deploying Mailman 3, has been deprecated. Abhilash Raj is putting the finishing touches on Docker images to deploy everything, and he'll have a further announcement in a week or two." New features include support for Python 3.5 and 3.6, MySQL support, new REST resources and methods, user interface and user experience improvements, and more.
  • Cockpit – Monitor And Administer Linux Servers Via Web Browser
    Cockpit is free, open source Server administration tool that allows you to easily monitor and administrator single or multiple Linux servers via a web browser. It helps the system admins to do simple administration tasks, such as starting containers, administrating storage, configuring network, inspecting logs and so on. Switching between Terminal and Cockpit is no big deal. You can the manage the system’s services either from the Cockpit, or from the host’s Terminal. Say for example, if you started a service in Terminal, you can stop it from the Cockpit. Similarly, if an error occurs in the terminal, it can be seen in the Cockpit journal interface and vice versa. It is capable of monitoring multiple Linux servers at the same time. All you need to do is just add the systems you wanted to monitor, and Cockpit will look after them.
  • Buttercup – A Modern Password Manager for Linux
    Buttercup is a cross-platform, free, and open-source password manager with which you can remotely access any of your accounts using a single master password. It features a modern minimal UI, password imports from 3rd-party apps, and basic merge conflict resolution.
  • FreeFileSync The Best Backup And File Synchronization Tool For All Platforms
    FreeFileSync is an open source free to download and use software that can sync your files easily to another disk while maintaining permissions and other important stuff. It is cross platform so you can use it on any OS without any problem. Let us see how to download and use it in Linux.

today's howtos

GNOME: Mutter, gresg, and GTK

  • Mutter 3.25.2 Has Bug Fixes, Some Performance Work
    Florian Müllner has pushed out an updated Mutter 3.25.2 window manager / compositor release in time for the GNOME 3.25.2 milestone in the road to this September's GNOME 3.26 release. Mutter 3.25.2 has a number of fixes ranging from fixing frame updates in certain scenarios, accessible screen coordinates on X11, some build issues, and more.
  • gresg – an XML resources generator
    For me, create GTK+ custom widgets is a very common task. Using templates for them, too.
  • Free Ideas for UI Frameworks, or How To Achieve Polished UI
    Ever since the original iPhone came out, I’ve had several ideas about how they managed to achieve such fluidity with relatively mediocre hardware. I mean, it was good at the time, but Android still struggles on hardware that makes that look like a 486… It’s absolutely my fault that none of these have been implemented in any open-source framework I’m aware of, so instead of sitting on these ideas and trotting them out at the pub every few months as we reminisce over what could have been, I’m writing about them here. I’m hoping that either someone takes them and runs with them, or that they get thoroughly debunked and I’m made to look like an idiot. The third option is of course that they’re ignored, which I think would be a shame, but given I’ve not managed to get the opportunity to implement them over the last decade, that would hardly be surprising. I feel I should clarify that these aren’t all my ideas, but include a mix of observation of and conjecture about contemporary software. This somewhat follows on from the post I made 6 years ago(!) So let’s begin.

Distro News: Alpine, Devuan, and openSUSE

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6