After years of training customers to trust only SSL-enabled sites, banks are shifting their online banking logins to the unencrypted home pages of their websites. Although the data is encrypted once the user hits the "Sign In" button, the practice runs counter to years of customer conditioning, as well as the goals of the browser makers. Three of the five largest U.S. banks now display login forms on non-SSL home pages, including Bank of America, Wachovia and Chase, as well as financial services giant American Express.
Web sites are generally reluctant to use "https" on busy home pages, since SSL involves a tradeoff: improved security, but slower response time. Consumers, meanwhile, prefer easy-to-remember URLs for their online banking. In placing login screens on non-SSL home pages, banks are trying to have it both ways: fast page loading without the SSL-related performance hit. The login form's "action" URL points to an SSL-enabled https URL.
A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory. An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) - could allow an attacker to spoof an IDS system and gain access to sensitive data. SSL certificates are used to authenticate Cisco devices and services as they interact with one another.
A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco.
Netcraft has adopted the Mirror Image content distribution network for the Netcraft Toolbar, with all of the toolbar requests now carried over the Mirror Image network.
The deployment of a global caching system brings faster and more consistent response times to people using the toolbar throughout the world. Additionally it helps the toolbar system scale smoothly, as the numbers of people using the toolbar have grown quickly since the release of the Firefox version of the toolbar in May.
Mirror Image’s system provides a substantial performance improvement as shown by the response time for the toolbar with Mirror Image (blue), compared to before (green):
Mirror Image's global content caching and distribution network has provided perceptible improvements in response times for the toolbar throughout the world. The toolbar's response time, as measured by our monitors in seven data centers, had been averaging 0.29 seconds. The shift to Mirror Image has accelerated performance, reducing the toolbar's average response time to 0.12 seconds, with reductions of between 47 and 74 percent from various points around the globe.
The toolbar community is effectively a giant neighborhood watch scheme, in which the most alert and expert members act to defend the larger community of users against phishing frauds. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL. Widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.
The Phishing Site Feed is also available to ISPs and Enterprises who wish to protect their customers or employees against phishing.
A computer worm disrupted the networks of U.S. media organizations today, but has had no visible impact upon major web sites. The worm, which uses a vulnerability in Windows PnP to target Windows 2000 machines, knocked computers offline at CNN, ABC News and the New York Times. The damage appears to be limited to internal corporate networks, as the web sites of the U.S. Fortune 100 show no unusual outages, including the 18 companies in the index hosted on Windows 2000. Likewise, Britain's FTSE 100, which has 36 sites running on Win2K, shows no suspicious performance problems either.
Working exploits for new Windows vulnerabilities began appearing on the Internet last Thursday, just two days after the security holes were outlined in Microsoft's monthly security advisory. Over the weekend the Zotob worm appeared, compromising unpatched Windows 2000 machines.
Exploits are circulating for at least two new vulnerabilities in Microsoft software, barely two days after the critical security holes were disclosed in security advisories. The swift availability of working exploit code provides additional incentive for Windows users to update their systems promptly following the monthly release of security patches.
Microsoft acknowledged Thursday that "detailed exploit code" had been published for a vulnerability in Plug and Play technology that could allow a remote attacker to take control of a Windows machine via the Internet, with Windows 2000 systems being at particular risk. "Users running Windows 2000 are vulnerable to a potential worm attack that would take advantage of this flaw," noted security research firm eEye Security. The vulnerability, known as MS05-039, is addressed in the latest Windows Update patches issued Tuesday.
The market for resold domains continued to trend higher with a series of spectacular deals this month. Meanwhile, prices for first-time domain registrations can't get much lower, with pricing unchanged at all major providers this month.
The sales of website.com and property.com for $750,000 apiece set the pace in the resale market. The mid-July sale of website.com was the highest sale price this year, according to auctioneer Sedo.com, topping the $700,000 sale of Local.com in March. The buyer, Hub Services Ltd., operates DotEasy, a free hosting service in British Columbia. That price was matched early this month when New Jersey commercial real estate professional Ted Kraus sold property.com for $750,000 in a private sale, with industry veteran Rick Schwartz reported to be the buyer.
As in July, pricing for first-time domain sales remained stable, with no significant price changes by major providers.
Retail Domain Name Prices, August 2005

| Company | One-year price | Primary Business | Primary Region |
| --- | --- | --- | --- |
| Netfirms | $4.95 | Shared Hosting | America |
| 1&1 Internet AG | $5.99 | Mixed Hosting | Europe |
| Hostway | $6.95 | Shared Hosting | America |
| Interland | $7.95 | Mixed Hosting | America |
| Web.com | $7.95 | Mixed Hosting | America |
| AIT Domains | $7.99 | Mixed Hosting | America |
| Stargate | $8.49 | Shared Hosting | America |
| Go Daddy Inc | $9.20 | Domain Registrar | America |
| Yahoo | $9.95 | Shared Hosting | America |
| Verio | $9.95 | Mixed Hosting | America |
| RegisterFly | $9.99 | Domain Registrar | America |
| Netcetera | $12.66 | Mixed Hosting | Europe |
| Dotster | $14.95 | Domain Registrar | America |
| FastHosts/UKReg | $16.08 | Mixed Hosting | Europe |
| Pipex/123Reg | $16.27 | Mixed Hosting | Europe |
| eNom | $29.95 | Domain Registrar | America |
| Register.com | $30.00 | Domain Registrar | America |
| Network Solutions | $34.99 | Domain Registrar | America |