[LINK] BHO scanning tool and New Scam Targets Bank Customers
Rick Welykochy
rick at praxis.com.au
Wed Jun 30 14:35:52 EST 2004
rchirgwin at ozemail.com.au wrote:
> After a longer read of this attack, I have a question (to anyone in particular).
>
> The attacker's BHO code watches a list of banks (including Australian banks).
> If a user launches an HTTPS session to a bank on the list, the BHO then watches the
> session for HTTP GET or POST commands - this is where it grabs user data to send home.
>
> The question: if the banking application is written as a Java applet
> (for eg St George, I think), will it use POST or GET?
My guess: No. The Java applet will talk to the St George server using its own
private protocol. This is the one connection that is allowed inside the Java
sandbox when on the web: the java app can connect to the server that received
the web request.
But I certainly could be wrong. If the Java app is only there to present a nicer
GUI than that available via a web browser and does no extra networking of its own,
then the answer is a Yes - the Java app would use the browser's networking
primitives.
One would have to analyse the internet traffic emanating from your PC while
engaging in some St George Online Banking to see which answer is correct.
I would advise doing so only on a non-Windows PC, using any browser except MS/IE.
cheers
rickw
--
_________________________________
Rick Welykochy || Praxis Services
I haven't blamed the states for anything. I'm just saying that problems
in the public hospital system are the states' fault.
-- Tony Abbott on NineMSN
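The traffic check suggested above, worked through as an added example that is not part of the original post or the Link archive. It parses a constructed tcpdump-style summary (RFC 5737 documentation addresses, bare SYNs only, so each outbound connection attempt is counted once) and reports which destination ports the banking session opens: if every connection to the bank's addresses is on 80/443, the applet is riding on ordinary HTTP(S); any other port points to a private protocol of its own. The bank addresses, local address and capture lines are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's default TCP summary format (not a real capture).
# 192.0.2.10 is the assumed local PC; 203.0.113.5 and 203.0.113.7 play the bank;
# 198.51.100.9 is some unrelated HTTPS site visited in the same session.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.0.2.10.51234 > 203.0.113.5.443: Flags [S], seq 1, win 65535, length 0
12:00:01.100001 IP 203.0.113.5.443 > 192.0.2.10.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.000001 IP 192.0.2.10.51235 > 203.0.113.5.443: Flags [S], seq 3, win 65535, length 0
12:00:03.000001 IP 192.0.2.10.51236 > 203.0.113.7.9443: Flags [S], seq 4, win 65535, length 0
12:00:04.000001 IP 192.0.2.10.51237 > 198.51.100.9.443: Flags [S], seq 5, win 65535, length 0
"""

# Match only a bare SYN (Flags [S]); the SYN-ACK shows up as [S.] and is skipped,
# so every line that matches is one connection attempt initiated by the source.
SYN_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\],"
)


def outbound_syns(capture_text, local_ip):
    """Return [(dst_ip, dst_port), ...] for each connection attempt sent by local_ip."""
    conns = []
    for line in capture_text.splitlines():
        m = SYN_RE.search(line)
        if m and m.group(1) == local_ip:
            conns.append((m.group(3), int(m.group(4))))
    return conns


def ports_by_host(conns):
    """Group connection attempts by destination host: {dst_ip: [sorted ports]}."""
    by_host = defaultdict(set)
    for ip, port in conns:
        by_host[ip].add(port)
    return {ip: sorted(ports) for ip, ports in by_host.items()}


def classify_bank_traffic(conns, bank_ips, web_ports=(80, 443)):
    """Split connections to the bank into ordinary web ports and anything else.

    A non-empty 'other' list is evidence that the applet speaks its own protocol
    rather than the browser's GET/POST; an empty one means all bank traffic is
    HTTP(S) and the question becomes which stack carried it (see note below).
    """
    web, other = set(), set()
    for ip, port in conns:
        if ip not in bank_ips:
            continue  # ignore third-party sites loaded during the session
        (web if port in web_ports else other).add((ip, port))
    return {"web": sorted(web), "other": sorted(other)}


if __name__ == "__main__":
    conns = outbound_syns(SAMPLE_CAPTURE, "192.0.2.10")
    print("ports by host:", ports_by_host(conns))
    print("bank traffic:", classify_bank_traffic(conns, {"203.0.113.5", "203.0.113.7"}))
```

One caveat on reading the result: the port split only shows whether the applet has a side channel of its own. TLS on port 443 looks identical on the wire whether the browser or the Java plugin's own network stack opened it, and a BHO hooks the browser's request pipeline, not the wire, so to know whether the applet's HTTPS traffic passes where the BHO can see it you also need to check on the host which process owns each socket.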