- It's the applications, stupid
- Will a whitelist save personal computing?
- Thousands of Web sites under attack
- To solve the unsolvable problem
- Re-thinking the security of virtual machines
- Security Development Lifecycle trumps code complexity
- Is your Web site FIPS compliant?
- Computer security: Why have least privilege?
- Strategic security: Get a handle on authentication
- Control user installs of software
March 02, 2006 | Comments: (0)
Commercial site dedicated to creating security-bypassing programs
This site allows you to purchase programs, which could easily be used to create malicious trojans to attack banking web sites, bypass SSL connection protections, and steal passwords:
www.ratsystems.org
(untrusted site, careful if you visit)
It even has programs that would be capable of bypassing the new protections in the Barclays online bank logon screen as discussed in my most recent column.
Here's some of its technology descriptions taken direction the web site:
IE Form Grabber
This technology allow to to collect web data form. This technology allows you to collect forms with authorization based on magicword used in United Kingdom and other EU countries. Module can collect data from browser even if connection is secured and data transmitted thru HTTPS protocol. This technology used in UK Banks authorization leak test.
Saved Passwords Grabber: Protected Storage, Outlook, Far FTP, TotalCommander FTP, The Bat!
This is a module for retreiving passwords from system. Almost all passwords, stored in system (cashed passwords, autocomplete forms, outlook, The Bat! and others) can be founded
E-Gold Grabber
Old technology which now in review and rewriting stage. It shows how it's easy to grabb passwords typed even with SRK (Secure randomized keyboard)
Posted by Roger Grimes on March 2, 2006 05:18 PM
RATE THIS ARTICLE:
-
- COMMENTS
