Crimeware: Looking for solutions
- Date: October 12th, 2009
- Author: Michael Kassner
- Category: Security
Crimeware is bad news. We need to figure out how to stop it. I see some resolution on the horizon, but will it be enough?
————————————————————————————
You may have heard of Man in the Middle attacks, meet Man in the Browser attacks (MitB). The term has been around since 2005, but not used much. That's changing, thanks to current crimeware, considered a form of MitB attack. According to Wikipedia, MitB is:
"A trojan that infects a web browser and has the ability to modify pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host application.
A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or Two or Three Factor Authentication solutions are in place."
I covered an instance where crimeware played a part in stealing almost a half million dollars in this post. In my next article, I discussed Zeus and URLZone, possibly the crimeware used in the half million dollar hoist. In this article, I would like to dig deeper into possible solutions.
Read more...
http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e101
Don
No comments:
Post a Comment