House Price Crash Forum
corevalue

Rapport


I've just been asked to install Rapport by my BS. Ha! Apart from the fact that I use Linux (which is not supported) and either Opera or Firefox (which don't work gracefully with Rapport), I found this little gem whilst researching what it does:

The scenario under which Flashlight would be used is if a customer calls a bank to check on a possible fraud. The fraud investigation team would ask the person to install Flashlight, which can detect if the browser has been previously tampered with. The customer would be asked to send a log report, which can then be analyzed while the customer is on the phone, Boodaei said.

Flashlight can also send other data, such as details of a PC's operating system, version number of applications and whether antivirus software was up-to-date at the time of the infection.

It says "flashlight" is installed by request, but how long before it's done without your knowledge during the initial install of Rapport?

Am I being paranoid? Comments, anyone?


A lot of that info is available to any website you browse anyway, irrespective of what software you have installed on your PC.

See the attached screen grab of a sample page from a hit on one of my websites.....

The code which you embed in your page to capture these details is widely available and a subscription to a data collection service very inexpensive.

If little old me can get that detail of info imagine what the security services and banks can get.

Edit to add. For the record I have Rapport installed on my system as suggested to me by my Bank Nat West.

web details.JPG


Edited by geezer466


From your site.....

Edit (10/4/10): I am still getting a lot of hits on this blog post so I thought that I ought to point out that Rapport as a product has matured a lot in the last year and many of the problems with compatibility, etc., have been sorted out. Also, the marketing has changed a lot to be much more realistic. If this is used as a layer in your overall security arsenal and is combined with user education, then it will help to protect your machine, data and identity. Download a keylogger for yourself and try using it before and after installing Rapport and you might see why your Banks are pushing it. I still think that the Banks have a duty to educate their users and to standardise the process of conducting online transactions and authentication to help users and stop many of the attack vectors currently being exploited.

Provided you employ Rapport as an additional security layer and keep your anti virus and other stuff up to date there shouldn't be any problems....

Online banking sites usually only ever require a login and selected parts of a password (never the whole thing) so this in effect renders a keylogger useless.

Of course if there was such a thing as a keylogger that could do an automatic screen grab at exactly the moment the details were being entered and then email the jpeg/txt off to a remote address then there could be issues, but I have never heard of such a thing.


It's not impossible though, if anything quite easy to do for your avg Win32 API programmer imo.

How would the key-logger know when to fire off the screen grab? Key-loggers record everything text wise entered into a keyboard. There are too many variables for it to be able to work efficiently.

If it was possible to build such a tool and co-ordinate it so that it recorded and set in motion screen grabs when particular sites were opened then getting it to work under the radar (your eyes and AV protection) is the hard thing.... Otherwise it would have been done already.

Let's not forget some of the most brilliant script kiddies on the planet work for the bad people.

On a more serious note irrespective of whatever protection methods and levels of encryption are in place as soon as someone can develop such a tool and can distribute it will be the moment all online financial transactions come to an end.


From your site.....

Of course if there was such a thing as a keylogger that could do an automatic screen grab at exactly the moment the details were being entered and then email the jpeg/txt off to a remote address then there could be issues, but I have never heard of such a thing.

The bank I use (Natwest) doesn't display the password characters on the screen, you just get bullet characters.


The bank I use (Natwest) doesn't display the password characters on the screen, you just get bullet characters.

I think you're missing the point... the keylogger grabs the keys entered (which won't be bullets), and then the screengrabber grabs an image so that the bad guys know which letters of your password you entered (e.g. letter 2 and 5).

As others have noted, tricky to pull off (co-ordinating the screen-grab with the keylogger and ensuring it only kicks in when you try to access an online bank account).


On a more serious note irrespective of whatever protection methods and levels of encryption are in place as soon as someone can develop such a tool and can distribute it will be the moment all online financial transactions come to an end.

It's possible to envisage methods that wouldn't be prone to the screengrabber, but so far the ones I've imagined would be rather more cumbersome for the user (e.g. as well as the computer input, phone a number with a code to let you log on).


The bank I use (Natwest) doesn't display the password characters on the screen, you just get bullet characters.

Google Asterisk key and you will know these 'dots' are readable. Rapport protects against reading these characters.

After rejecting it for a long time, I installed it and it works fine with IE, Firefox and Chrome.

As has already been said - it is nowhere near foolproof but just an additional padlock.


How would the key-logger know when to fire off the screen grab? Key-loggers record everything text wise entered into a keyboard. There are too many variables for it to be able to work efficiently.

From what I've read of trojans and malware, many aimed at stealing banking details will do regular screen grabs as well as keylogging. They will also specifically target activity when the user accesses known online banking sites.

What exactly does this Rapport software do anyway? My online banking recommends it but I'm happy enough with the security precautions on my PC already (a top rated antivirus plus a couple of well regarded anti-malware programs to augment it).


From what I've read of trojans and malware, many aimed at stealing banking details will do regular screen grabs as well as keylogging. They will also specifically target activity when the user accesses known online banking sites.

What exactly does this Rapport software do anyway? My online banking recommends it but I'm happy enough with the security precautions on my PC already (a top rated antivirus plus a couple of well regarded anti-malware programs to augment it).

It knows your login for your online banking site(s).

If it sees you use that login on any other site than the one it knows you use it for (your online bank) it throws up a warning.


What exactly does this Rapport software do anyway?

In essence, it continues the HTTPS tunnel back from the browser, through the PC to your peripherals. Basically, it stops any other process from reading any info you input or receive. It specifically defeats keyloggers and is designed to make your PC secure for internet banking even when riddled with trojans. The software is from Israel. I was involved in the first UK banking implementation of it years ago.


Rapport and any solutions like it are far from ideal. Client side controls over security are completely the wrong way to go and any security professional will tell you so.

Banks are now starting to issue key fobs along the lines of SecurID that generate a unique, ever-changing passcode. This is far better and the costs are not prohibitive. The rule is supposed to be something you are, something you have and something you know. For years they have just gone with two of three and that's been a problem. Key fobs with access codes address 'something you have' and that is much better security than some client-side software that we have no control over and no real knowledge of what they are doing.

That's my two cents worth.


If you use Google Chrome & have Rapport installed it will screw with the browser when viewing or using any Flash-based websites and keep crashing (I don't know if anyone has mentioned this previously)...... stay away I would suggest.
