Webmail and Online Banks Targeted By Phishing Proxies

Posted by timothy on Saturday February 16, 2013 @12:58PM from the my-credit-union-won't-even-work-with-mint.com dept.

An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session cookies and other sensitive information from online banking sessions."

1 of 50 comments (clear)

Min score:

Reason:

Sort:

DNSSEC would be nice by Anonymous Coward · 2013-02-16 13:52 · Score: 4, Interesting

It'd be nice if one could bypass the various CA's and enforce HTTP Strict Transport Security (HSTS) as well. I could then have an unlimited number of certificates for my domain and sub-domains. I would see that owning the .com or whatever domain would go up in price though since Verisign and others still want their money somehow and someone still signs the root somewhere.
It'd just be nice to be my own CA for my own domain anyway.