Be Careful With Secure/Financial Transactions Online

12 posts

Flag Post

So, I don’t know how many of you know about this, but the internet is somewhat quietly FUBAR at the moment. I don’t know all of the details (a friend of mine just told me about this), but the short version of the story is that someone found a security hole in DNS (yes, the DNS, all of DNS), figured out how to patch it, and started working with DNS providers to get the patch installed. Once all of that was done, they were going to release the details, which was scheduled for Aug. 7. In the meantime, some idiot blogger thought it’d be a good idea to spill the beans early and release the details of the security flaw, despite the ISPs not being patched up. It was quickly removed, but there is wide-scale speculation that the details are still available and potentially being used.

The result is that someone could find a way to make your computer think it’s going to www.amazon.com, but in fact get rerouted to their own site, which may well look and act like amazon, but instead will steal your credit card info or password.

If you’d like more information, check out the Slashdot post as well as the guy who discovered the flaw.

My friend recommends using OpenDNS in the meantime, though even that’s not fool-proof since you don’t know what DNS lookups might be occurring internally at the financial institutions.

 
Flag Post

If the information were still available, a 4chan anon would post about it for epic lulz, but all I see is loli, so I’m pretty sure it’s not out there.

 
Flag Post

That’s just…wow. Epic.

But dammit, I was going to buy a t-shirt online just now… I’m blaming it on the stupid blogger if it goes out of stock in the meantime.

 
Flag Post

Yeah – I really don’t know how seriously to take the warning. Yes, there’s a big threat and yes you could be at severe risk. What we don’t know is if anyone has taken advantage of it. I don’t want to be spreading rumors and increasing fear of the internet, but we do need to be careful, at least for the next 2 weeks…

 
Flag Post

That’s easy, don’t go onto Amazon. Since it is for the SU I never use it.

 
Flag Post

Basically, get OpenDNS, at least for the next 2 weeks, and you should be fine.

 
Flag Post

What’s OpenDNS? What’s DNS? I only go on eBay!

 
Flag Post

Uh…ok, well, you might think you’re going to eBay when in fact you’re going to a spoof of eBay that’s stealing your passwords and credit card numbers. You can google DNS for more details, but basically it’s the thing that translates www.google.com into 48.23.53.124 (I made it up), which is the IP address.

 
Flag Post

I recently got bait and switched and am seeking a BBB case.

Not that it has anything to do with his thread. :-D

 
Flag Post

Yikes – still kinda scary though. The one plus side is that if you protect yourself with OpenDNS, you should be fairly safe. While someone might swipe your Amazon password, it will be Amazon’s ass on the line if they didn’t take the proper security measures for it.

 
Flag Post

Oh no, bait and switch has nothing to do with credit cards. They listed a price, I ordered at that price, waited a month, e-mailed them and then they changed the price much higher, citing a production change in price. I informed them that it was illegal to change the price of merchandise after sale, and that it has been deemed fraudulent by federal court. They responded that they have the right to change the price at any time without notice, which is false. I explained that their inability to contact me about my product (were it out of stock, they’d have solid ground to stand on) would hurt them in the BBB case. They immediately canceled and refunded the order. I’m still filing with the BBB, as well as referencing on resellerrating.com. (You can see my complaint)

 
Flag Post

Ah, I hadn’t heard the term bait-and-switch before. Actually, I think it is within their right to cancel an order post sale if a pricing error was noted. However, they certainly cannot maintain the order and force you to pay the higher price. I had this happen to me with Walmart.com (who mistakenly listed SSBB at $25 as a pre-order and promptly canceled all of the orders that were placed). They have it in their terms that they reserve the right to cancel orders (but again, not to change price and force you to take the new one).