interesting-people message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [IP] Bank of America vs security

  • From: David Farber <dave@farber.net>
  • To: Ip ip <ip@v2.listbox.com>
  • Date: Wed, 22 Jun 2005 15:28:30 -0400



Begin forwarded message:

From: Bob Frankston <Bob19-0501@bobf.frankston.com>
Date: June 22, 2005 12:40:17 PM EDT
To: Dave Farber <dave@farber.net>
Subject: Bank of America vs security


I&#x2019;m in the middle of redoing my screen scraping now that Bank of America is forcing Fleet&#x2019;s Homelink users to convert to their new online banking service. I scrape because the data is mine and they make the information available for only al limited time and only while the particular account is open. That&#x2019;s a big issue in its own right &#x2013; at least with paper statements and printed checks people can set the own retention policy but that&#x2019;s not my main problem at the moment.




As an aside, looking their site itself they seem to have lots of home brew Jscript code and I&#x2019;ve found their seem to have trouble maintaining their DNS entries so their redirects can behave badly. Again, a separate topic.



I&#x2019;m more concerned with a strange letter I got. It was sent in the clear, of course, because no one seems to care enough to do even simple encryption &#x2013; while I don&#x2019;t blame CALEA it&#x2019;s a reminder that policies that allow the FBI to spy on us make it even easier for third parties to do so.



The letter was in response to my attempt to setup online transfers. It&#x2019;s the usual thing, emailing me a letter asking me to type back a one-time code to their site to verify that my email address is valid and that I approve the transfer. Everything went smoothly but I decided to look at the received fields in the envelope of the letter (vs the header) and found it to be a bit strange:



Here&#x2019;s the header (with my email address and such information replaced by *&#x2019;s) [you really need HTML to understand this &#x2013; again, another topic &#x2026;]



x-sender: bankofamericatransfer@transfers.bankofamerica.com

x-receiver: **MyUser**@**MySite**

Received: from pula.cashedge.com ([129.41.8.16]) by **MYMachine** with Microsoft SMTPSVC(6.0.2600.2180);

       Mon, 20 Jun 2005 16:44:45 -0400

Received: from real2 (sonicwall [10.0.1.252])

by pula.cashedge.com (8.11.6+Sun/8.10.2) with ESMTP id j5KKiie25797

for <**MyUser**@**MySite**>; Mon, 20 Jun 2005 13:44:44 -0700 (PDT)

Message-ID: <89617797.1119300283724.JavaMail.appft8@real2>

Date: Mon, 20 Jun 2005 13:44:43 -0700 (PDT)

From: bankofamericatransfer@transfers.bankofamerica.com

To: **MyUser**@**MySite**

Subject: Outside the Bank transfers Email confirmation.

Mime-Version: 1.0

Content-Type: text/plain

Content-Transfer-Encoding: 7bit

Return-Path: bankofamericatransfer@transfers.bankofamerica.com

X-OriginalArrivalTime: 20 Jun 2005 20:44:45.0778 (UTC) FILETIME= [E48D5320:01C575D8]



What is &#x201C;pula.cashedge.com&#x201D;? The DNS entry is gone and the number is within IBM&#x2019;s world. I asked about this online to BofA and got a generic response &#x201C;The e-mail was not legitimate. It was part of a fraudulent scheme to illegally acquire your personal financial information. Authorities shut down the fraudulent site within 2.5 hours of its launch. We are working with the Secret Service to prosecute those responsible.&#x201D; It was from a &#x201C;Gregory I. Robinson&#x201D;. When I called the 1-877-833-5617 listed in the letter and pressed 1 (not the 5 they commended because I never typed info into a third party site I was told there was no such person. The letter itself had no site information &#x2013; just the expected confirmation number.



As far as I can tell my own information wasn&#x2019;t compromised &#x2013; the letter contained no critical information other than the email address I use for just that account. The BoA response seemed canned &#x2013; misdirecting rather than informative.



Any idea what is going on? If there was such an interception that is very worrisome.



Even more so because of a letter I received after sending an online Query to CallVantage using another unique address and I quickly got an unrelated letter from a third party site that seemed fraudulent. I reported it to the third party&#x2019;s ISV and got a response saying they were shut down but know no more than that.



I view these as very serious breaches because they indicate attacks at the vital points in the system.



I&#x2019;ve been mulling how to do edge-to-edge implementations in place of relying on the IP addresses but it&#x2019;s been difficult to come up with an alternative to the DNS as an authoritative mapping of identifiers to IP addresses. Maybe that trust is misplaced &#x2026;



Any ideas as to what is going on?







Bob Frankston http://www.frankston.com





-------------------------------------
You are subscribed as interesting-people@lists.elistx.com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

</form>

Powered by eList eXpress LLC