Comments on: New Findings Lend Credence to Project Blitzkrieg

By: MARIAN WOOLSEY

MARIAN WOOLSEY — Sat, 29 Dec 2012 20:10:22 +0000

There never seems to be any comment about the South Carolina Department of Revenue being hacked. Maybe we are just unimportant???

By: Chris Thomas

Chris Thomas — Fri, 28 Dec 2012 09:56:31 +0000

I am pleased to see that an advert for Trusteer now appears on the front page of http://krebsonsecurity.com

For Windows and Mac users, there is no better way to make online banking as reasonably secure as possible. It is impossible to ensure total security but to use Trusteer Rapport is to exercise Due Diligence with two capital Ds.

I would no more go online to my bank without Rapport than I would leave my house without being decently clothed.

By: Bat-ment

Bat-ment — Sun, 16 Dec 2012 13:34:06 +0000

I agree its so easy to do and it dont cost much either . But people like Brian Crebs and Mcfee team thinks its out of this word and only professional hackers like them can do it .so out of touch

By: Bat-ment

Bat-ment — Sun, 16 Dec 2012 13:25:03 +0000

Brian we watching you .

From FSB With Love .

By: Chris Thomas

Chris Thomas — Sun, 16 Dec 2012 11:20:37 +0000

If only all Windows and Mac users would perform their online banking under the protection of Trusteer Rapport. If only all banks would place Trusteer software in their systems. One can dream …..

By: CArboN

CArboN — Sun, 16 Dec 2012 02:23:51 +0000

Half of America must be crapping there pants right now , just cos some kid with 500 infected PCs said something publicly . Brilliant — yellow press at its best .it only takes 3 min to infect 500 PCs this days anywhere in the word no problemo they even let you pick the country .

Brian u said it before .You like traffic this story brings to your blog that all .So you keep going over and over and over the same old dead story again and again . SUCK it till its dry !!

i will lough my head of in spring/summer/winter/when ever in 2013 when every single bank will say , we spent all this money and nothing happening .bloody Brian Crebsky and his BS story’s .

By: ScottH

ScottH — Sat, 15 Dec 2012 03:12:04 +0000

Good report Brian. Thanks!

By: Curious Observer

Curious Observer — Fri, 14 Dec 2012 06:02:44 +0000

The virtual-machine-synching modules seems like an overly complicated solution to a relatively simple problem: evading device fingerprinting.

In a nutshell, the issue is that by checking various browser settings, the banking website can guess with a high probability whether the connection comes from the usual user’s pc or some other machine. To evade the detection, the attackers want to mimic the victim’s system as much as possible.

I don’t want to go into technical details here, but you can completely defeat this protection with either off-the-shelf software or a simple custom browser extension. Building an entire virtual machine environment for this task seems positively Rube Goldberg-esque.

By: Melissa Brown

Melissa Brown — Thu, 13 Dec 2012 23:28:14 +0000

I want a child from you, you are so smart!

By: JK

JK — Thu, 13 Dec 2012 20:49:42 +0000

Keep on keeping on. Thanks, krebs!