jmn1207 (Premium, join: 2000-07-19, Ashburn, VA)
It looks as if that has already been patched. The browser I normally use does not currently show any unpatched Secunia advisories, and the developers have been very quick to respond when potential problems do appear.
A fake site might be able to mimic Wells Fargo's site, but if someone attempts to log in and check their account, I would think it would be immediately obvious that something was not quite right. Recent transactions would not be able to be forged on a fake site unless the bank's site, itself, was completely compromised. Even if a browser is fooled into thinking the site is legit, I would be EXTREMELY concerned if the site popped a message claiming to be temporarily down after entering my login credentials. I'd be on the phone immediately.
There is only so much I can do, within reason, to protect myself. As long as more valuable data is out there that is much easier to get to, I won't panic. FiOS is so fast and reliable, any phantom proxy being used had better be damn fast with very low latency, otherwise I'd be doing all kinds of tests to see what the problem might be, which could possibly expose the security problem, or at least put me on notice to stay away from more security-sensitive sites until the issue can be resolved.
It's a man-in-the-middle attack: the attacker intercepts the data and passes it through after recording it. Think of it as a guy standing in line in front of you who relays all your information to the teller. Not only do you and the teller complete the transaction in the normal manner, but the guy in the middle has all the data too. The problem, as already noted, is that it won't work on an encrypted connection.
You shouldn't be passing ANY login information in clear text. If the connection isn't encrypted you shouldn't be logging in.