How To: Manage columns of data (was Re: How To: Delete columns of data)

J. Landman Gay jacque at hyperactivesw.com
Sun Sep 7 02:00:37 EDT 2014


On 9/7/2014, 12:12 AM, JB wrote:
> I was not thinking correctly and you are right
> about DNS but it goes back to the same issue
> of why do you think B of A techs would not be
> aware of this and have me change my password.

A DNS spoof is outside of their control, and they wouldn't know you are 
trying to connect through a modified server. When you spoke with them, 
I'm sure they assumed you had a clean connection. It's similar to 
dialing a wrong phone number; the person you intended to call will never 
know you're trying to reach them.

DNS translates web addresses containing words into web addresses 
containing only numbers. Your computer stores some DNS entries which 
tell your Mac where to get those translations, and other servers 
between you and the rest of the net can also modify DNS on every hop. If 
your computer, or one of the servers in between your computer and the 
bank, has been modified, your request can be re-routed to a fake site. 
The fake site will look virtually identical to the real one in many 
ways. Usually they copy the images and layout of the real site. In your 
case, the fake site included ads that were not on the real site, which 
would be a tip-off. You said the URL had been changed too; that's a red 
flag that you'd been re-routed.

BofA has no way of knowing that a server somewhere has intercepted your 
request. If the problem is on your own computer (which is what a trojan 
would do), then all requests to your bank (or any site that has been 
intercepted) will be re-routed to a fake one. If the problem is on a 
server in between your computer and the bank, then anyone who tries to 
connect to the bank through that server will be re-routed. You should 
first check your own computer to be sure it has the right DNS entries. 
Your service provider will know what those are and can verify if yours 
are correct. If they are, then the problem is, unfortunately, largely 
out of your control. Your service provider can try to track where the 
problem is, and you should tell them about it.

The bank would be unaware of any problems. There are millions of paths 
through the internet from one point to another. In the cases where you 
did connect to their site successfully, your request likely travelled 
through an uninfected server. A browser request is not guaranteed to 
take the same path each time it travels to a certain site.

The point is, somewhere along the line it sounds like you got re-routed 
to a fake site. If you entered your bank credentials on that fake site, 
the malware authors now have your password and login details. The bank 
won't know anything about it because you never arrived there. But if our 
guess is right, you should change your password immediately. When you 
do, make sure you are at the real site. Look closely at the URL and 
verify it really belongs to BofA.

This is kind of techy, but here is one explanation:

<http://www.networkworld.com/article/2277316/tech-primersow-dns-cache-poisoning-works/tech-primers/how-dns-cache-poisoning-works.html>

I tried to find one with the clearest explanation for the layman, but it 
is a confusing topic. There is a lot going on between you and the rest 
of the net, and without some basic info about how it works, it's pretty 
geeky.

-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com
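
An added example, not part of the original message: one way to carry out the "check your own computer" step described above, by scanning hosts-file text for entries that pin a domain and listing configured resolvers that are not on the list the service provider confirmed. The function names, the domain bank.example and all sample addresses are constructed for illustration; the inputs are assumed to be in the standard hosts and resolv.conf text formats.

```python
import ipaddress

# Constructed sample inputs (documentation addresses, not from any real machine).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost
203.0.113.66  www.bank.example bank.example   # kind of entry a trojan might add
192.0.2.10    printer.lan notbank.example
"""
SAMPLE_RESOLV = """\
# constructed example
nameserver 198.51.100.53
nameserver 203.0.113.7
"""

def _fields(line):
    """Strip a trailing comment and split the rest on whitespace."""
    return line.split("#", 1)[0].split()

def hosts_overrides(hosts_text, domain):
    """Return (ip, name) pairs that hard-wire `domain` or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    hits = []
    for line in hosts_text.splitlines():
        fields = _fields(line)
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first field must be an address
        except ValueError:
            continue
        for name in fields[1:]:
            n = name.lower().rstrip(".")
            # Match on a label boundary so notbank.example is not reported.
            if n == domain or n.endswith("." + domain):
                hits.append((fields[0], n))
    return hits

def unexpected_resolvers(resolv_text, expected):
    """Return configured nameservers that are not in the confirmed list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    found = []
    for line in resolv_text.splitlines():
        fields = _fields(line)
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                addr = ipaddress.ip_address(fields[1])
            except ValueError:
                continue
            if addr not in allowed:
                found.append(str(addr))
    return found
```

Any pair returned by hosts_overrides for a bank's domain means lookups for it never leave the machine, and any address returned by unexpected_resolvers is one to raise with the service provider.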



