Forgot your password?
Security Privacy The Almighty Buck

Webmail and Online Banks Targeted By Phishing Proxies 50

Posted by timothy
from the my-credit-union-won' dept.
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session cookies and other sensitive information from online banking sessions."
This discussion has been archived. No new comments can be posted.

Webmail and Online Banks Targeted By Phishing Proxies

Comments Filter:
  • DNSSEC would be nice (Score:4, Interesting)

    by Anonymous Coward on Saturday February 16, 2013 @09:52PM (#42925313)

    It'd be nice if one could bypass the various CA's and enforce HTTP Strict Transport Security (HSTS) as well. I could then have an unlimited number of certificates for my domain and sub-domains. I would see that owning the .com or whatever domain would go up in price though since Verisign and others still want their money somehow and someone still signs the root somewhere.

    It'd just be nice to be my own CA for my own domain anyway.

Every young man should have a hobby: learning how to handle money is the best one. -- Jack Hurley