Hacker Newsnew | comments | show | ask | jobs | submit login

Complex proxy?? You mean a headless browser like phantomjs and a slightly higher latency apparent to the client. Hardly difficult, which leads to the false sense of security these images provide. It's made slightly harder on the order of minutes to write a few extra lines of code.



It would probably need to be more complex than that if the bank is watching for unexpected activity from individual IP addresses.

-----


The code for the proxy itself isn't that complex, no. But it would have to be tailored to the target's banking site. Again, not extremely complex, but more difficult. And actually implementing the attack, including getting a homographic URL or rouge router, is quite a bit more difficult.

Again, the point is that the security image makes the attackers' lives more difficult. The image lends no "false sense of security" because without the image, you'd have the same sense of security.

-----


I'm always surprised when I write a scraper/proxy (usually in perl) at how little added latency is involved. If I host the thing on a fat pipe (say an EC2 instance), it's not even noticeable at home.

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: