[BC] Amazon spoof
richardbrianjohnson at verizon.net
richardbrianjohnson at verizon.net
Fri Jul 11 06:58:20 CDT 2014
Anybody who has a server, directly accessible to the Internet, can set up a DNS and a "special" web page.
The DNS can have a local address for the Bank of America login screen or any other, and the server can emulate that screen, while passing the name and password on to the real one. The name and password are saved locally for access in the future and the person using the web access to the bank account is none-the-wiser. These "man-in-the-middle" servers can collect lots of login credentials and then be moved to another IP address. The chances of getting caught are low.
This problem can be mitigated by using a hard-coded IP address for a Name Server, instead of the dynamic caching servers automatically loaded by M$ and friends.
Cheers,
Richard B. Johnson
http://www.AbominableFirebug.com
On 07/10/14, Al Stewart<stewarta at impact.ca> wrote:
They're still doing it ... and now Nigerians are apologizing for other Nigerians who were "dishonest"
in their dealings. And now you can really get they money you were entitled to if you etc etc etc.
More information about the Broadcast
mailing list