Friday, November 9, 2012

Trusteer

I've heard about Trusteer and wanted to know what it is. trusteer.com is too vague, probably because they offer several products and services. Anyway, I'm interested in the thing that's backed by the banks, which turns out to be effectively a browser plugin.

Visit ingdirect.ca > (at top left) I'm a client, let me in > (at bottom right) Trusteer. Download it now. > Download for windows > Agree, Install, Finish.

It then launches Firefox (my default browser) in safe-mode, and runs a compatibility test.

http://activation.trusteer.com/v3/installation-complete

Trusteer Rapport works standalone or alongside any desktop security solution. It hides your login credentials and web communication from any type of malware and prevents unauthorized access to your accounts.

When you browse to a website in Internet Explorer, Firefox or Google Chrome, the Trusteer Rapport icon appears in or near the browser’s address bar. The icon is green when Rapport is protecting your communication with the website.

Rapport comes preconfigured to protect certain websites which are working directly with Trusteer to give their valued customers the best protection possible.

To activate Rapport protection, browse to the website, click the grey Rapport icon, and then click the “Protect this Website” button.

You can then browse to a test website. Click the "start protecting this website" button and log in. It throws up a popup interrupting your password submission.

Rapport has identified password submission.
Do you want Rapport to start protecting this password?

If you click 'Protect this password' Rapport will warn you when you enter this password into a new website where it was not previously entered. This would help you identify fraudulent websites that ask for your login information.

Rapport does not store your password and does not send it outside of your computer.

Okay, well as long as I look at the URL bar, I know where I'm at and don't need that help, but it might be good for someone's grandmother.

But it does trickier stuff as well. I changed my hosts file to point a public SSL site to a local Apache with a self-signed cert that just proxies to the real site. This isn't a convincing MITM scenario because the cert is untrusted, but I had this setup for unrelated purposes. Anyway, Trusteer magically routes the requests to the real webserver, bypassing my proxy, even though a ping from the console shows my proxy's IP for that domain.

It probably does some other slick stuff too, but I ran out of time.
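The password warning quoted in the popup above can work without keeping the password itself. An added sketch of one way to do that (not Trusteer's code and not from the original post; the class and function names, the PBKDF2 work factor and the sample values are assumptions), storing only a salted verifier and the origins where the password was approved:

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; the path is irrelevant to trust."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("only https origins can be protected")
    port = f":{parts.port}" if parts.port and parts.port != 443 else ""
    return f"https://{parts.hostname.lower()}{port}"


class PasswordGuard:
    """Remembers a salted verifier per protected password, never the password."""

    def __init__(self):
        self._entries = []  # (salt, verifier, set of approved origins)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def protect(self, password, url):
        """Called when the user chooses to protect a password on a site."""
        salt = os.urandom(16)
        self._entries.append((salt, self._derive(password, salt), {origin_of(url)}))

    def check_submission(self, password, url):
        """Return 'ok', 'warn' (protected password, new origin) or 'unprotected'."""
        try:
            origin = origin_of(url)
        except ValueError:
            origin = None  # plain http or malformed URL is never an approved origin
        for salt, verifier, origins in self._entries:
            if hmac.compare_digest(self._derive(password, salt), verifier):
                return "ok" if origin in origins else "warn"
        return "unprotected"


if __name__ == "__main__":
    guard = PasswordGuard()  # all values below are constructed samples
    guard.protect("constructed-pass-1", "https://bank.example/login")
    print(guard.check_submission("constructed-pass-1", "https://bank.example.evil.test/"))
```

The comparison is on the full origin, so a lookalike host that merely begins with the protected site's name still triggers the warning.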
