Webmail and Online Banks Targeted By Phishing Proxies 50
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session cookies and other sensitive information from online banking sessions."
Re:My problem with session cookies... (Score:5, Informative)
A session cookie is just like a case number, it may be used to speed up communication between departments or sections of your website. Whenever I'm in a queue, there's always a ticket I hold to identify where I am in the queue, what my wait time is, possibly referenced by their third party SLA/QA company, and it could be tied to my Account Number when I get to the counter. It's stomached in real life, because it brings order to what could be chaos, and makes our lives that little bit simpler.
Secondly you must be rather naive to think permission is required to monitor your *every* activity. Through various laws, mutual sharing agreements, and straight greed, there's a wealth of information for people to gather and misuse. While they limit "personally identifiable" information, they gather everything they can and assign it their own ID. It then only takes a little homework to link the ID and your real ID together, and its just this last step which is prohibited in these privacy clauses.