Language Selection

English French German Italian Portuguese Spanish

Phishers Learn to Exploit VeriSign

Filed under

Everyone knows not to believe everything they read on the Web. But things get sticky when a company whose main businesses is assuring the security of online transactions gives you assurances that don't hold up.

A few days ago, I received e-mail ostensibly from Bridgeport (Conn.)-based People's Bank, informing me of some security problem and asking me to click on a link and enter my account information. I get dozens of these phishing attempts, and when I see a new one, I'll often check it out. (Don't try this at home -- I use a special isolated computer to protect myself and my PC against the viruses, worms, and other nasties that these sites often attempt to download to a user's machine.)

VULNERABLE ARCHITECTURE. The e-mail had the usual giveaways to alert the wary. I'm not a customer of the bank. The link pointed to a numerical Internet address, not, the bank's genuine site. And the bank's name was prominently misspelled "Peopel's" in one reference. Phishers have used the names of many banks and businesses in other phishing scams.

But the phony bank Web site the message linked to features a graphic of a VeriSign seal with the text "VeriSign Secure Site: Click to Verify." When I clicked on the seal, I got a page from a VeriSign server that announced in bold blue type: "PCB.PEOPLES.COM is a VeriSign Secure Site" and that its status was "valid." I had to read way down into the text on the page to be advised: "To ensure that this is a legitimate VeriSign Secure Site, make sure that the original URL of the site you are visiting comes from PCB.PEOPLES.COM" -- which, of course, it did not.

When I brought the matter to the attention of Mountain View (Calif.)-based VeriSign (VRSN ), Group Product Manager Tim Callan wrote in an e-mail: "This phisher has built his spoof on top of VeriSign's version 1 seal architecture. The version 1 architecture was conceived and created before phishing was a phenomenon, and so it was not designed with that attack in mind.

Full Story.

More in Tux Machines

Twitter Clients

  • Best in Breed Twitter Clients for Linux
    Twitter is a social networking service that is a bit of a conundrum to many. At any given time it can be used to connect with people of a like mind, and at another it’s an exercise in frustration, thanks to the never-ending stream of data. But for those that depend upon the service as a means to either stay connected, promote a product or service, or even (on certain levels) research a given topic, it’s a boon.
  • Pick of the Bunch: Command line Twitter Clients
    A console application is computer software which is able to be used via a text-only computer interface, the command line interface, or a text-based interface included within a graphical user interface operating system, such as a terminal emulator (such as GNOME Terminal or Terminator). Whereas a graphical user interface application generally involves using the mouse and keyboard (or touch control), with a console application the primary (and often only) input method is the keyboard.
  • db2twitter: Twitter out of the browser
    You have a database, a tweet pattern and wants to automatically tweet on a regular basis? No need for RSS, fancy tricks, 3rd party website to translate RSS to Twitter or whatever. Just use db2twitter.

FOSS/Linux Events

  • The Linux Foundation Becomes Steward of the Open Networking Summit
    If you're able to get to the Silicon Valley area in March, there is a big open networking conference taking shape, with some very talented participants. The Linux Foundation is announcing that the Open Networking Summit (ONS) is becoming a Linux Foundation event, and ONS 2016 will take place March 14-17, 2016 in Santa Clara, Calif.
  • Visualize astrophysics data with Blender
    The Blender Conference has become a fantastic showcase not just of attractive art and animation, but also unconventional uses of Blender and open source software.
  • SDN/NFV DevRoom at FOSDEM: Deadline approaching!
    We extended the deadline for the SDN/NFV DevRoom at FOSDEM to Wednesday, November 25th recently – and we now have the makings of a great line-up!

today's howtos

Red Hat News

  • Linux Top 3: RHEL 7.2, Puppy Linux 6.3 and Bodhi 3.1.1
    In the enterprise Linux space, few if any Linux distribution are as widely deployed as Red Hat Enterprise Linux (RHEL) and none make as much revenue. RHEL 7.2 is the latest incremental update of Red Hat's flagship Linux platform and is the second update of RHEL this calendar year.
  • Satellite 6 and Foreman re-provisioning
  • What to do when an employee's passion dwindles
    Frank, a longstanding member of my team, was unhappy and disengaged. He was visibly upset, avoided speaking up in meetings, and had declining productivity. It was obvious to everyone who worked with him that there was a problem—we had to do something to get Frank back on track, or his future on the team was uncertain. (And just to clarify: Frank is not a real person, but an amalgamation of several).
  • Red Hat, Inc. (NYSE:RHT) Shares Price Target Update
    Analysts on Wall Street have placed a short term price target of $85.058 on shares of Red Hat, Inc. (NYSE:RHT). This is according to 17 analysts polled by Zacks Research. The brokerage firm with the most lofty expectation has a $92 target. One the other end, the analyst with the most conservative objective sees the stock heading to $72.