[clug] St.George Browser Based Banking Feedback

David Collett david.collett at dart.net.au
Mon Jun 28 00:45:19 GMT 2004 

Fellow Clugger Michael Cohen wrote a plug proxy which should be able to
do this, I know it can do SSL MitM. You can find it here:
http://sourceforge.net/projects/reapoff

I might have a play with that idea myself.
Dave

On Mon, 2004-06-28 at 10:32, Peter Barker wrote:
> On Sun, 27 Jun 2004, Chris Henman wrote:
> 
> > Thank you for your email.
> >
> > Unfortunately, we do not support Linux/ Unix.
> >
> > The incompatibility of Linux/ Unix is an issue, which has been made
> > highest priority. We are currently working on a fix, so that we can
> 
> ..
> 
> This is the same canned-response which I got back last time this came
up
> on the list. I'm not even sure a human saw my message; they may just
match
> "linux" and send the canned response :)
> 
> One thing which worries me here. Here St George are claiming that this
is
> their "highest priority". This either means that St George are
absolutely
> bloody lying about their priorities, or that they are completely
> incompetent (6+ months to get something working where it was before?).
> Either way, if I were an investor in St George, I'd be worrying about
> their management for making false claims or not fulfilling customer
> expectations.
> 
> I had a play with getting this working a while back. It isn't terribly
> difficult to get ahold of bbbSmall.jar. I tried playing with
classpaths
> etc to get the applet running - and I did that, played around with the
> security model a bit etc etc... but then got tripped up with a
meaningless
> error.
> 
> What I might try to do next is MitM attack against myself. That is,
use an
> SSL proxy which substitutes JUST for the bbbSmall.jar URL. Does
anybody
> here know if I can use squid to do just that - or should I play around
> with my own proxy to do this?
> 
> >      Chris Henman
> 
> Yours,
> -- 
> Peter Barker                          |   N    _--_|\ /---- Barham,
Vic
> Programmer,Sysadmin,Geek              | W + E /     /\
> pbarker at barker.dropbear.id.au         |   S   \_,--?_*<-- Canberra
> You need a bigger hammer.             |             v    [35S, 149E]
> "They'll need a whole new Orwellian pseudo-crime-name for that... I
>  suggest "digital molestation of kittens". -  Jeremi (14640) from
Slashdot

More information about the linux mailing list