On 9/7/2014, 12:12 AM, JB wrote:
I was not thinking correctly and you are right
about DNS but it goes back to the same issue
of why do you think B of A techs would not be
aware of this and have me change my password.

A DNS spoof is outside of their control, and they wouldn't know you are trying to connect through a modified server. When you spoke with them, I'm sure they assumed you had a clean connection. It's similar to dialing a wrong phone number; the person you intended to call will never know you're trying to reach them.

DNS translates web addresses containing words into web addresses containing only numbers. Your computer stores some DNS entries which tell your Mac where to get those translations, and other servers between you and the rest of the net can also modify DNS on every hop. If your computer, or one of the servers in between your computer and the bank, has been modified, your request can be re-routed to a fake site. The fake site will look virtually identical to the real one in many ways. Usually they copy the images and layout of the real site. In your case, the fake site included ads that were not on the real site, which would be a tip-off. You said the URL had been changed too; that's a red flag that you'd been re-routed.

BofA has no way of knowing that a server somewhere has intercepted your request. If the problem is on your own computer (which is what a trojan would do), then all requests to your bank (or any site that has been intercepted) will be re-routed to a fake one. If the problem is on a server in between your computer and the bank, then anyone who tries to connect to the bank through that server will be re-routed. You should first check your own computer to be sure it has the right DNS entries. Your service provider will know what those are and can verify if yours are correct. If they are, then the problem is, unfortunately, largely out of your control. Your service provider can try to track where the problem is, and you should tell them about it.

The bank would be unaware of any problems. There are millions of paths through the internet from one point to another. In the cases where you did connect to their site successfully, your request likely travelled through an uninfected server. A browser request is not guaranteed to take the same path each time it travels to a certain site.

The point is, somewhere along the line it sounds like you got re-routed to a fake site. If you entered your bank credentials on that fake site, the malware authors now have your password and login details. The bank won't know anything about it because you never arrived there. But if our guess is right, you should change your password immediately. When you do, make sure you are at the real site. Look closely at the URL and verify it really belongs to BofA.

This is kind of techy, but here is one explanation:

<http://www.networkworld.com/article/2277316/tech-primersow-dns-cache-poisoning-works/tech-primers/how-dns-cache-poisoning-works.html>

I tried to find one with the clearest explanation for the layman, but it is a confusing topic. There is a lot going on between you and the rest of the net, and without some basic info about how it works, it's pretty geeky.

--
Jacqueline Landman Gay         |     jac...@hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com
