Online Billpay Provider Loses Control of Domains 232
An anonymous reader writes "Several sites are running a story about a domain hijacking at Checkfree, the largest provider of online bill payment services to numerous banks and credit unions. According to Network Solutions, someone logged in to the domain administration page using Checkfree's account, and redirected its domains to a site in the Ukraine configured to serve up malware to unsuspecting users." Things like this make me nervous about switching to otherwise-tempting online bill payment, but checks are dangerous, too.
As a customer.... (Score:5, Interesting)
Posting anonymously so I don't get sued.
Re:DNS Hijacking (Score:5, Interesting)
Funny thing is it's a step back for Network Solutions security. You USED to be able to set it up to require a RSA key for domain changes, back when everything was done via odd forms over email.
Benefits of Paper Checks (Score:5, Interesting)
Things like this make me nervous about switching to otherwise-tempting online bill payment, but checks are dangerous, too.
I'm one of those holdouts who still use paper checks, envelopes, and stamps to pay my bills. Once a month or so I'll bring the stack into the office and take care of it during downtime, and folks look at me like I'm transmitting morse code over a telegraph. I do bank online, but I don't do online bill pay.
One reason I still cling to checks is that they allow me to be the final arbiter and gatekeeper of my money, and I have better fiscal responsibility when I'm directly involved in disbursement. Each time I physically write out a check, there's a bit of mental bookkeeping that takes place. You can't sit down and write "One thousand one hundred ninety-eight and 32/100" without pausing for a moment to think, holy shit, that's X% of my paycheck. If you elect not to use online bill pay, you have to actually look at your credit card statements each month, instead of just setting up a $200 monthly ACH and ignoring the current total.
I'm afraid that if I set everything up to be paid automatically, I'd very quickly wake up to discover that my checking account is overdrawn because I wasn't paying enough attention. Writing checks and licking envelopes is my way of keeping tabs on what's going out the door each month. The potential security benefits don't hurt, as anyone screwing around with mailed bills faces the wrath of the United States Postal Inspection Service. Unlike most online fraud, fucking with the mails will actually get you in trouble, and USPIS doesn't blow you off if you haven't suffered hundreds of thousands of dollars in losses.
I do miss the one benefit that physical checks had up until a couple of years ago, the float. Check21 pretty much ruined that, but maybe it was for the better. Come to think of it, I haven't overdrafted since Check21.
Long live the check, just stay away from my routing numbers.
Comment removed (Score:4, Interesting)
Re:Benefits of Paper Checks (Score:3, Interesting)
That was my thought too... it's a 'throw the baby out with the bathwater' thing.
Firstly, as an Australian I am CONSTANTLY amazed at the US's continued reliance on cheques (yes, that's how the rest of the world spells it). When I lived there for a while in 2001 I was amazed that I couldn't pay the majority of my bills online at all, even if I wanted to. The time consuming, paper wasting, overly complex and error prone thing of handling all those cheques is just insane.
I pay all my bills electronically via the BPay system [bpay.com.au] in Australia, there's virtually nothing you can't pay this way.
I DO have automatic payments for some things, but only those that are a constant amount each month (internet for example)... everything else is manually handled, but jumping onto internet banking and putting in the figures is a WHOLE lot faster and less resource intensive than making out X cheques, putting them in envelopes and mailing them all.
Pure madness.
Re:Benefits of Paper Checks (Score:4, Interesting)
Just what I was thinking...
My wife and I (she's the math major and very detail oriented) pay bills online, manually. I don't like "automatic" because it's easy to set up, but difficult to stop. I'm not sure I see any big difference between writing "1000" on a slip of paper (which is not legal tender) or putting numbers into a field on a form.
I also can't imagine anyone not reconciling their bank and credit card statements against their records each month. We keep a detailed budget that shows every transaction (credit, checking or cash) and we reconcile the bank and credit card statements against it each month. As frequently as banks screw up, it just makes sense.
Of course, our money is in a credit union, not a big national bank, so I like to think we get better service when we do have an issue. It's certainly much better than other big banks where we've had accounts *cough-citibank-*cough and had terrible service.
Not a banking issue (Score:2, Interesting)
I've been involved w/ online/PC banking for 15 years or so and can tell you it's been a huge time + postage savings for me. I have no idea what the cost of a stamp is because the only reason I'd ever need them is for bills. Give it a shot w/ just one bill for a month or two.
That said, CheckFree is fairly notorious for their poor service and it's not surprising to me if they turn out to be at blame here. Especially disturbing is the apparently slapshod response.
Aging brain dead old Re:Benefits of Paper Checks (Score:4, Interesting)
The current bill payers in America are getting old.
The credit card companies have a stranglehold on paying by any form of credit card.
Paypal is evil.
There is no nationally accepted payment system where someone or both do not get gouged some fee. Checks are one of the few ways both parties can avoid some of the fees though I've heard that banks are starting to jack up the cost of processing them.
Our banks do not cater to customers, they are hind bound and greedy. They won't do anything unless they can screw their customers or the government for money.
When the banks finally get less incompetent they might be able to pry online payments and credit cards away from the major credit card companies. It won't happen soon because of the long term incestuous symbiotic relationship they have.
Don't be stupid...Most users are. (Score:3, Interesting)
*For some reason the software lets you manage your account fine from a Mac, but won't let you do the first time setup.
Re:As a customer.... (Score:2, Interesting)
As another "customer" (CheckFree is the backend for our billpay vendor), I can confirm that they handled this incredibly poorly.
Their notifications to us were vague and delayed. They were full of technical inaccuracies. One email referred to the "DNS routing tables". Another said that customers without "Adobe installed" wouldn't be affected. (Adobe ____?)
We were given misleading information about the nature of the malware, and calls seeking more information were never returned. Apparently there was an Adobe PDF vulnerability that was exploited, but they never clearly explained the process clearly.
And best of all, they never mentioned HOW this happened in the first place... Now it's obvious that they have something to hide.
Makes me want to take in incident response class from SANS.
Re: Checks are dangerous too! (Score:3, Interesting)
Mod the parent up. Seriously. So what if he is an Anonymous Coward. frick'in stupid moderators. :P
What is so wrong paying cash? For example, I have a AT&T dsl account that I'm "suppose" to have
a CC attached to it for payment. Wtf? Why should I have to go through these loopholes to pay my bill?
Do I have options to pay the account locally? Yes, I finally found that out. Automated payments are
evil, end of story. When has it became so evil to pay by cash? If I can't have a option to pay by
cash, without loopholes then said companies need to be sued, period. Oh, and I'm billed a month
ahead of my usage. Nice.....
Re:Use a better registrar (Score:1, Interesting)
Wire transfer (Score:4, Interesting)
Re:Don't be stupid... (Score:1, Interesting)
From what I understand of events, if you were getting that message then YOUR bank did not know. CheckFree did not notify anyone, even banks, until well after the domain was recovered and the Ukrainian IP was down.
Checks here is not accepted anymore (Score:2, Interesting)