Monday, July 28, 2008

Is your bank's website really who they claim to be?

... because according to this NPR post, if your ISP's DNS server is unpatched, you may end up at a malicious server even if you type mybankname.com into the browser. [Geek-friendly version here]

I recommend checking your DNS server using this site. Now.

-A

2 comments:

  1. There is an add-on in Mozilla Firefox called FormFox https://addons.mozilla.org/en-US/firefox/addon/1579
    This extension displays the form action (the site to which the information you've entered is being sent). In any place where you can enter data, from search boxes to order forms, mouse over the final Submit button to reveal the destination.
    Works most often for me...

  2. @loonytalk: This is a great extension, but the problem is -- what if your computer "thinks" that bankofamerica.com's IP address is not the real one, but the fake one?

    Then I can have the form submit data to "bankofamerica.com", which in reality will point to my personal server, because your ISP's DNS was unpatched.

    Makes sense?
    [also, was your DNS safe?]
