[LINK] Animated cursor flaw in All Windows

Rick Welykochy rick at praxis.com.au
Wed Apr 4 18:45:44 AEST 2007


Howard Lowndes wrote:

>> Correct me if I am wrong, but if a poisoner manages to add an entry
>> to the Windows' local hosts file, they can accomplish what I describe.
>> I am sure I have demonstrated this in the past.
>>
>> i.e. Windows does use the hosts file before going external.
> 
> You are, of course, correct.  I had forgotten that little exploit.

Interesting how a little exploit, in which the attacker edits a text file,
can serve as the precursor to a massive attack. This would be difficult
if not impossible on a non-Windows box since the hosts file is
usually marked "read only".

Think about what happens when you go to, for example,

https://onlinebanking.cbc.com.au/login

and it all looks good. The digital cert works, there may be a minor
glitch with cert processing (of course you just click "Okay"), the "lock"
appears in your browser and you are in. You are looking at a bogus
Commonwealth bank website that knows your account balances, and can
proxy any requests for live information to the real CBC online banking
site. In no time at all, they have your login info, your account details,
and worst of all, they own your account. Without really even owning
your machine.

One very important word of advice the banks should be offering is this:

    If you see *any* irregularities concerning the digital certificate
    authentication process while logging on to your bank account, i.e.
    a dialogue pops up regarding cert credentials, IP address, date, etc. etc.,
    simply close down your browser, shut down your computer and contact
    a technical expert. There is something very wrong somewhere in your
    system and you best not proceed with any online transactions until
    the problem is identified and eradicated.

That is about the only thing an inexperienced Internaut can do. Otherwise,
they *will* get stung somewhere along the way, imnsho. Similar to driving
a vehicle with failing brakes, I suppose.

sighs,
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services

Security wins over ease of use every time.
      -- rick welykochy
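
Added example, not part of the original post: a small audit that parses hosts-file text and reports any entry overriding a watched banking domain, which is the local change the thread describes as the precursor to the spoofed site. The sample file contents, the watched-suffix list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; line 5 overrides a watched banking hostname.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ordinary sinkhole entry
203.0.113.45    onlinebanking.cbc.com.au www.cbc.com.au
10.0.0.5        fileserver.corp.example
"""

# Assumption: domains that should never be resolved from the local hosts file.
WATCHED_SUFFIXES = ("cbc.com.au",)


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every usable mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # strip scope id
        except ValueError:
            continue                             # not an address, not a mapping
        # Hostnames are case-insensitive and may carry a trailing dot.
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, kind) for each override of a watched domain."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        # Loopback/unspecified targets block the site; anything else redirects it.
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        for name in names:
            if any(name == s or name.endswith("." + s) for s in watched):
                findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`.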
