Posted by: Amker
« on: 30. May 2007., 23:19:44 »

“Because that's where the money is” was apparently the reason given by Willie Sutton when asked why he kept robbing banks. Even though that statement may be correct, Willie Sutton never said it like this – as he explains in his book “Where the Money Was.” Still, it evolved into one of those urban myths, quoted many times. But there is an even better analogy to be made between the life of this bank robber from the 1940s and today’s online crime.

One of his nicknames was “The Actor,” which he gained after committing robberies in broad daylight, impersonating trusted personnel. He varied his disguise from telegraph messenger to maintenance man to policeman. He had realized that an acetylene torch was not the best way into a safe – it was much easier to abuse people’s trust, as no one really expected such assaults from within their own ranks. It was like an insider job, but without actually belonging to the team in the first place. Those old-school social engineering tricks are comparable with modern-day attacks that try to gain your trust. Just like in Sutton’s time, if skillfully executed, these tricks are still successful today.

Trusting unknown components in your system can give you nightmares. Even worse, often you don’t know that you have a piece of suspicious software running on your machine, such as a Trojan or rootkit. This leads to you thinking you are secure, when in reality you aren’t. Most security technologies are based on certain assumptions. For example, using common cryptography to send messages from Alice to Bob assumes that Alice can trust her own typewriter to create the message. Having an infected computer system affects this axiom. Alice can no longer trust that her typewriter writes what she types. Taking it one step further, she can’t even be sure that the typewriter doesn’t covertly send this message to anyone else except Bob. In the real world it might be easy to verify that what you type appears the same on the paper, but in cyberspace this verification can be very complex and difficult to achieve. How can you be sure that your system is doing exactly what you want it to do? Can you trust the applications on your system, or be sure that your Web browser is not a bank robber in disguise?

Knowing that SSL will encrypt the information flow from your system to the bank’s server is an important part, but it should not trick you into thinking that your data is now protected at all times. There are multiple moments where attacks are possible before the information even leaves your machine. Starting with logging every keystroke when you type them, hooking the browser’s functionality, down to intercepting network traffic before it gets encrypted with SSL. That is why you need good protection on your system. Don’t let yourself be fooled into thinking that the Web application uses a panacea to protect you in all cases. Even two-factor authentication will not necessarily protect you from today’s Trojans, as we have already seen in the wild.

Even if you do trust all the add-ons that you might have installed in your browser that update constantly with new features, there are other risks. So next time you check your account balance online, not only make sure that your session is SSL protected, but also make sure that your system is protected, or you might end up asking yourself: “Wasn’t that where all my money was?”