Comments on: Comerica Phish Foiled 2-Factor Protection

By: kwan

kwan — Sat, 10 Apr 2010 04:43:15 +0000

I have to concur with the last comment. Suppose banks issued a fairly user friendly, bootable , password protected, Open BSD keychain stick to their assigned customer’s representative that was unwrite-able, and linked to a static secure sockets IP? AKA a hardware key for the money, in addition passphrase and whatever human based verification routines they might care to invoke? Couldn’t spoof the website that way, and might autoverify all the connections. Only question is, would people use it?

Oughtta have the same thing for votin’ , durn gummuh and big bidner anyway.

Like or Dislike: 0 0

By: Sean

Sean — Mon, 05 Apr 2010 22:34:41 +0000

We’ll check back with you in about 10 years, and then see how smart you feel then

Like or Dislike: 1 0

By: gluetube

gluetube — Tue, 09 Mar 2010 19:29:44 +0000

there is no excuse for falling for a phishing scam, or getting infected with malware. i am 25, work in infosec field, do programming, have never once been infected (or godforbid fall for phishing).

i think people should be fined for falling for phishing– a “phishing phee”.

i think people should be fined for being infected with malware

use a secure OS, use common sense, dont be an idiot. idiots should be forced to pay

don’t use insecure software like adobe
patch stuff if needed

conclusion:

pay a phee for phalling for phishing
don’t be an idiot
i’ve never had a problem, no one else should either

kthx

Like or Dislike: 0 4

By: J

Wed, 03 Mar 2010 21:48:31 +0000

If I read the complaint right Comerica sent almost 2 million in wires – EMI is claiming a loss of about 560k.

My best guess is Comerica contacted EMI when their account balance hit zero – someone dropped the ball at Comerica and didn’t halt the additional wires. Those wires fall on Comerica; after being able to recall a few of them I bet Comerica took about a million dollar loss.

Shame on the bank for not recognizing the highly unusual transactions earlier, shame on the EMI employee for being so trusting and shame on the EMI Controller/CFO for accepting the risk on on-line wires when the apparently had no need for them.

Like or Dislike: 0 1

By: Harry Stoner

Harry Stoner — Thu, 18 Feb 2010 16:54:15 +0000

I have written some banking software. For wire transfers an RSA SecurID token was required for every transfer as I recall. If that had been implemented here, the MITM would not have been able to perform even one transfer without continued contact with the “mark.”

Behavioral checks or policy should have alerted the bank to the fact that the wire transfer rate on that day was perhaps 20,000 times higher than the rate established over the previous two years.

Comerica also established a bad pattern by using emails to update the certs for 8 years.

SSL client-auth also only validates sessions, not transactions.

Shame on the client for not catching the phishing attack but the bank is guilty guilty guilty IMO.

Like or Dislike: 0 0

By: antihacker101

antihacker101 — Sun, 14 Feb 2010 18:50:29 +0000

since i seen your name more and need someone to respond so i know i got out, it would be awesome. i been the target since aug 2008 and havnt got any help yet. i got a hold of someone who claims to be microsoft’s chief engineer, and i showed him and his group the proof and evidence of just some of what i know, and was told to get a hold of ed gibson. i wrote some comments asking for help, andi got a response from him with his hotmail email address. i responded but 5 or 6 days i think, and no response. i was intercepted many ways. my phone affect everyone. i see these hackers through my machines hacking everyone. i still have no control over my machines to this day and know what im doing. right now, i get the impression of the worm rebuilding itself and at the same time, someone yesterday and today removed part of the worm that that was in place to hide anything from reaching your terminal that could help you fight the worm.

whats really going on is sorta scary. all the community sites along others were being hacked years without notice. even microsoft and msft and verison.
the hacker is using a smartphone and a tower to insert radio packets into a chip in the motherboard of every system. he then inserts the well dug in backdoor part of the bot and programmed it to have highest priority.
that backdoor and hacker use both sides of the connetion to go down a list of exploits form any open port(mostly 80). first is adobe popup from hell. no matter what setup you have, he gets in. one system he uses is creating any certificate of choice of any site that would be used to create a cookie. the cookie has an option of blocik/allow/view info. no matter what you choose, the backdoor intercepts all packets and can be ginven commands of any choice.

the backdoor/bot in return uses smft to send email back to thew hacke and using a code in the subject for direction of which computer its form. the code has a dollar sign before and after every word. mine was $chicago$ and $danielle$ one for computer and the other for phone. this is how i got their number which is now disconnected.

another thing a bout the worm that was never mentioned yet is string insertions to any text i type. it starts eating letters and twisting them. since yesterday, that speeded up due to someone removing the layer that hid parts of the worm in kernel.

the lag noticed is linked to a 2nd machine infected being turned on in a local area and is somehow using signals that is used to monitor the hardrives…

im sure there is more to it now, but that was the pattern i seen

anyways, how can i get a return so i know that i successfully sent a message unintercepted

Like or Dislike: 0 3

By: M Henri Day

M Henri Day — Sun, 14 Feb 2010 11:36:11 +0000

Thanks for replying, AlphaCentauri ! After first logging in, I can order a transaction without any further authentication, but in order to carry it out, I have to sign in – a process similar to but distinct from – the initial authentication. I’m not certain whether a man-in-the-middle attack would be able to intercept and modify both the initial order and the confirmation necessary to complete it….

Henri

Like or Dislike: 1 1

By: antihacker101

antihacker101 — Sun, 14 Feb 2010 11:22:10 +0000

i seen signs now for the first time that the main part of the botbnet worm is being addressed. this global hijack allows the hacker to gain access to any server with highest authority and probably dont really need a connection from what i experienced. in my situation, they first get in the board of devices such as computers using radio packet injections. all security i attacked it with failed. i thank a lot of the security teams for listening to me and be aware of whats going on. there is still a lot of work to be done, but i seen yesterday for the first time parts of the main worm being stripped allowing me to see what he had hidden. a lot of hardware was seen that i couldnt see before allowing me to gain for info on the technical info.

Like or Dislike: 0 5

By: AlphaCentauri

AlphaCentauri — Sun, 14 Feb 2010 07:32:29 +0000

I’m not sure I’m clear on the steps you’re describing, but the question is whether any authentication must be entered after the initial log in? A man-in-the-middle attack simply waits for you to do all the logging in, then once you have done it shows you a screen that says the site is temporarily unavailable while it accesses your account.

Like or Dislike: 1 0

By: Chip-and-PIN broken, NSA and Google team up, USB fingerprints and more « Zero Knowledge Reflections

Fri, 12 Feb 2010 20:11:10 +0000

[...] Banks sometimes encourage bad security — If you train users to click on links in email to update their security information, don’t be surprised when they fall for phishing scams. [...]

Like or Dislike: 0 0