I agree with Chintan. Posting links related to major attacks is OK but turning our mailing list into a 'News Board' is not a good idea..... ;)

On Thu, Jan 7, 2010 at 12:29 PM, chintan dave <[email protected]> wrote:

> I think news like this one is better for tweeting instead.
> Just a thought !
>
> On Thu, Jan 7, 2010 at 11:56 AM, SUMAN SOURAV <[email protected]> wrote:
>
>> *ADVISE : SME Must Do Online Banking from Dedicated Computers*
>>
>> *US FBI and the American Bankers Association recommend using dedicated
>> computers for online banking*
>>
>> By Lucian Constantin, Web News Editor
>>
>> 4 January 2010
>>
>> http://news.softpedia.com/news/Small-Businesses-Should-Conduct-Online-Banking-from-Dedicated-Computers-131086.shtml
>>
>> Following a flurry of incidents where hundreds of thousands of dollars
>> have been siphoned from the bank accounts of small businesses and public
>> institutions, the Federal Bureau of Investigation (FBI) and the American
>> Bankers Association (ABA) advise using dedicated computers for online
>> banking operations. This unusual security model should severely limit the
>> exposure to malware threats for the PCs in question.
>>
>> The level of Automated Clearing House (ACH) transfers fraud rose
>> significantly during last year prompting serious concerns from the
>> authorities. These fraudulent schemes are complex and usually leave little
>> evidence behind to help investigators or the victims looking to recover
>> their losses.
>>
>> Such attacks usually start with a computer trojan infecting a computer
>> used for online banking at an institution. Thousands of different versions
>> of these trojans are released every month in order to bypass the detection
>> mechanisms of antivirus software.
>>
>> Once on the computer, the malware watches for browsing sessions to known
>> online banking websites and information such as authentication credentials
>> or account balance is captured. Subsequently, the attackers direct the
>> trojan to initiate batches of fraudulent transfers to bank accounts
>> belonging to various U.S. residents that have been tricked to work for them.
>>
>> The latter are known as "money mules" and are usually recruited by fake
>> foreign companies under the promise of a profitable work-from-home job.
>> Their task is to receive money allegedly coming from customers of the
>> company and wire them out of the country, while keeping a commission for
>> themselves.
>>
>> Unfortunately for companies, they are not protected by the same laws as
>> general consumers. While banks will reimburse the losses caused by fraud
>> when personal accounts are involved, they are not required to do so for
>> business accounts. They can recall transfers as long as the money has not
>> been withdrawn and wired, but if the latter happens, it is almost certainly
>> lost.
>>
>> USA Today reports that the feds' recommendation regarding the use of a
>> dedicated PC for online tasks is based on reducing possible infection
>> vectors, since apparently browsing to unrelated websites or checking email
>> from it should be banned. The companies are also advised to request
>> receiving out of bank payment confirmation.
>>
>> We'll go even further and suggest that the dedicated computer use Linux,
>> FreeBSD, or even Mac OS X, if that suits you better. We're not trying to
>> start a controversy over which operating system is better or more secure. In
>> fact, this has nothing to do with the security of the operating system
>> itself, but the fact that 99.9% of these trojans were constructed for
>> Windows and will fail to run on anything else.
>>
>> The easiest approach is downloading a Linux live CD, booting from it,
>> performing the online banking tasks, then removing it and restarting back
>> into Windows. Need to open an Excel spreadsheet, browse, check email or
>> access a network storage? The Ubuntu Linux live CD will allow you to run
>> Firefox, OpenOffice and perform most of the basic tasks without installing
>> anything on the local disk.
>>
>> Regards
>>
>> Suman
>>
>> _______________________________________________
>> Owasp-delhi mailing list
>> [email protected]
>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
> --
> Regards,
> Chintan Dave,
>
> LinkedIn Profile: http://www.linkedin.com/in/chintandave
> Blog: http://www.chintandave.com

--
Thanks & Regards,
Nilesh Kumar,
Engineer-Security | Honeywell Technology Solutions
http://www.honeywell.com/
www.nileshkumar83.blogspot.com
www.linkedin.com/in/nileshkumar83
Mobile- +91-9019076487
