Heartbleed & Trusteer Rapport, What's That?
#28686 04/22/14 12:38 PM
Joined: Aug 2009
I received email today from USAA and therein, they recommended I install: Trusteer Rapport.

Alas, I have no knowledge of this app and wonder if others here 'bouts have experience with it and what your opinions/recommendations may be.

Perhaps if I better understand how it works rather than what it is supposed to do I would feel less apprehensive. As it is, I'm confused.

Musings most welcome.

Last edited by alternaut; 04/22/14 02:23 PM. Reason: fixed incorrect hyperlink

Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28687 04/22/14 01:20 PM
Joined: Aug 2009
Likes: 7
I received no such email from USAA (and, yes, I do have an account). I know nothing about this app but, on the possibility that your email was a phishing email or spam, I would contact USAA directly (via phone or a known bookmark) and inquire.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28688 04/22/14 02:29 PM
Joined: Aug 2009
Likes: 16
Moderator
I installed Trusteer Rapport on a recommendation from USAA some months ago. It does not interfere with access but provides an additional level of authentication when logging into your USAA account. It can also provide an automatic login to the USAA site. I don't use the automatic login as I have that covered elsewhere, but the additional authentication does provide a warm fuzzy feeling of security.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Heartbleed & Trusteer Rapport, What's That?
joemikeb #28693 04/23/14 06:23 AM
Joined: Aug 2009
Likes: 15
Neither of my two banks, Ally & Chase, is listed in the "Banks" drop-down on the Trusteer d/l page. (Maybe Chase isn't big enough to matter?)

Have you got any idea what the significance of that drop-down is?

Edit: Opened ticket.

Update: The drop-down is a list of Trusteer clients.

Edit: I did a bit of searching, and I think Trusteer's protection against MitB(rowser) attacks is not a duplication of DNSCrypt's MitM(iddle) protection. Am I correct?

Update: Nope! Looks like it is (Couldn't get a working URL.)...

Originally Posted By: Trusteer
Which attacks does Rapport protect against?

Phishing

A phishing attack is when the attacker builds a phony website (the phishing site) that looks exactly like a website you know and trust (for example your bank's website). The attacker then lures you to visit the phishing website (for example by sending you a fraudulent email). When you arrive at the phishing website you mistakenly believe that this is the real website. As soon as you try to sign in to the phishing website, the attacker grabs your login credentials and can now use them to log in to the real website, impersonate you and initiate fraudulent transactions.

Pharming

A pharming attack is when the attacker causes your computer to go to a fraudulent website each time you type a real website's name in your web browser address bar. The attack accomplishes this using various techniques such as infecting your desktop with malware or by compromising servers in your ISP's network. Once you arrive at the fraudulent website and try to sign in, the attacker grabs your login credentials and can now use them to log in to the real website, impersonate you and initiate fraudulent transactions.

Keyloggers

A keylogger is malicious software that hides itself inside your computer. The keylogger records keystrokes (i.e. each time you type something on the keyboard) and then sends this information to the attacker. By grabbing your sign-in credentials and other sensitive information and sending them to an attacker, keyloggers enable an attacker to log in to your accounts, impersonate you and initiate fraudulent transactions.

Man in the Middle

Man in the middle is an advanced variation of phishing and pharming attacks. In this particular attack you sign in to the website and start working, all the while entirely unaware that all the information exchanged between you and the website is passing to the attacker. The attacker can view any private information and can alter your transactions. For example, if you request to transfer a certain amount of money to a specific payee, the attacker can change the payee's identity and have the money transferred to a different account.

Man in the Browser

"Man in the Browser" is malware that resides inside your browser in the form of an add-on (e.g. toolbar, BHO, browser plug-in). This malware controls everything that happens inside your browser. It is capable of reading sensitive information such as your sign-in credentials and passing them to the attacker. It can also generate transactions on your behalf, such as transferring money from your account to the attacker's account.

Screen Capturing

This term refers to malware that takes pictures of your computer screen and sends them to the attacker. Screen shots can include your account details, balance, and even credentials when the website uses keypads for login.

Session Hijacking

This term refers to malware that steals your session parameters with a specific website and sends this information to the attacker. These session parameters can then be used by the attacker to take over your session with the website and to bypass the authentication process that is required to log into the website.

This app from IBM sounds like a must-have, so why is it so obscure?

Last edited by artie505; 04/23/14 09:08 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28695 04/23/14 10:16 AM
Joined: Aug 2009
Artie,

One can add sites to the monitored list by clicking on the Trusteer icon (to the right of the Address bar). Once clicked, a drop down menu will present an option to protect that specific site. That feature works with all sites, not just financial institutions.



Harv
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28696 04/23/14 10:31 AM
Joined: Aug 2009
Likes: 15
> ...all sites, not just financial institutions.

I assume, then, that the client list is for their own info and has no impact on functionality.

Thanks, Harv, and thanks for starting this thread. Trusteer appears to be a useful and desirable app.


Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28697 04/23/14 10:41 AM
Joined: Aug 2009
Originally Posted By: artie505
> ...all sites, not just financial institutions.

I assume, then, that the client list is for their own info and has no impact on functionality.


If palliative bromides help, then perhaps the list is of value. Otherwise, fugedaboudit.

Now that USAA is Trusteer champion, I expect we will see more of this app in the marketplace.



Harv
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28698 04/23/14 10:45 AM
Joined: Aug 2009
Likes: 15
Have you looked at the list of Trusteer clients on the d/l page? It's extensive enough that I'm surprised that it hasn't popped up sooner, particularly since it's an IBM product.


Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28699 04/23/14 12:43 PM
Joined: Aug 2009
Originally Posted By: artie505
Have you looked at the list of Trusteer clients on the d/l page? It's extensive enough that I'm surprised that it hasn't popped up sooner, particularly since it's an IBM product.


Yes, though I see it of no user benefit. The sites I added are now at the bottom of the list and they may be edited, and that is fine. But I take exception that IBM's list is not editable, nor can it be hidden. Also, I think the list should be searchable... Maybe in my next life.

Still, I'm glad I have it and 'twas well worth the price.


Harv
Re: Heartbleed & Trusteer Rapport, What's That?
jchuzi #28700 04/23/14 01:25 PM
Joined: Aug 2009
Originally Posted By: jchuzi
I received no such email from USAA (and, yes, I do have an account). I know nothing about this app but, on the possibility that your email was a phishing email or spam, I would contact USAA directly (via phone or a known bookmark) and inquire.


Jon, my apologies for not promptly getting back with you. A bit red-faced am I.

Yes, I did call USAA and they did affirm that the email I received was from them.


Harv
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28707 04/24/14 07:44 AM
Joined: Aug 2009
Likes: 15
Feedback filed...along with other stuff! (If the list is editable, does it really need to be hide-able?)



Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28710 04/24/14 09:52 AM
Joined: Aug 2009
Likes: 15
The user benefit is that clients of Trusteer clients get extra protection...spelled out in SysPrefs > Trusteer Endpoint Protection > Security Policy (when the disclosure triangles are disclosing).


Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28711 04/24/14 10:58 AM
Joined: Aug 2009
Originally Posted By: artie505
Feedback filed...along with other stuff! (If the list is editable, does it really need to be hide-able?)


I would suggest hide-able over edit, just in case one ever wanted (without reinstalling) the deleted data.

And thanks for noting the Trusteer Endpoint Security/Disclosure Triangles.


Harv
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28713 04/24/14 11:12 AM
Joined: Aug 2009
Likes: 15
I suspect that the client list is presented in all its glory for promotional purposes; it'd be plenty easy to have the list cached somewhere and to move a client from the cached list to the active list the first time a user visits its site.

Edit: Note that clicking on many of the names in the client list calls up an ad.

Last edited by artie505; 04/24/14 11:24 AM.

Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28717 04/24/14 06:19 PM
Joined: Aug 2009
For those who have an interest in the mobile version of Trusteer, I began a thread Here.


Harv
Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28720 04/25/14 12:29 AM
Joined: Aug 2009
Likes: 15
To access SysPrefs > Trusteer Endpoint Protection > Security Policy you've got to get past a CAPTCHA pane that says

Quote:
You have chosen to perform an action that requires user approval.

To me, that suggests that an Admin password should be required...that Rapport is insecure in at least one respect, but the CAPTCHA pane suggests that somebody thinks otherwise.

Any ideas?

Edit: Feedback submitted. (This app was clearly not designed by a team that's familiar with OS X.)

Last edited by artie505; 04/25/14 12:49 AM.

Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28883 05/03/14 10:06 AM
Joined: Aug 2009
Likes: 15
I needed to turn Rapport off as a troubleshooting step, and I was amazed to find that doing so required getting past both an admin authentication pane and a CAPTCHA pane.

Huh?


Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28888 05/03/14 06:09 PM
Joined: Aug 2009
Likes: 1
Moderator
Originally Posted By: artie505
... [turning off Rapport] required getting past both an admin authentication pane and a CAPTCHA pane.

Huh?

Think about it: that requirement can be considered an additional safety feature to prevent (or at least make more difficult) malicious disabling of Rapport.


alternaut moderator
Re: Heartbleed & Trusteer Rapport, What's That?
alternaut #28889 05/03/14 08:32 PM
Joined: Aug 2009
Likes: 15
I've given it considerable thought, and my criminal mind hasn't been able to dream up a single situation in which a CAPTCHA pane would stymie any individual, other, perhaps, than an imbecile, who knows or can guess my admin password.

I'm curious to hear what scenario yours thinks would benefit from one.

This use of CAPTCHA, taken together with its use as the sole security measure protecting Rapport's Security Policy pane, leaves me with the distinct impression that as adept as Rapport's devs are at Internet security, they're equally obtuse about local security.

Addendum: I just turned Rapport back on, and I (only) had to enter my password.

Think about this: Three different situations in which the devs felt that security is required, and three different solutions, two of them relying, either solely or in part, on a security feature that's specifically designed to stymie Internet bots, not people.

Edit: And considering its vulnerabilities, why isn't a password required to access the pref pane in the first place?

Edit 2: And when I asked tech support why user added protected sites can be deleted, poof, just like that...no password, no CAPTCHA, their answer was that the applicable security feature is that users will notice that their icons have turned from green to (a very similarly colored) grey on the unprotected sites. (And what about users who don't opt for an icon in their address bar?)

Again... Huh?

Edit 3: IBM paid a GigaBuck for Trusteer, and while they may have gotten their money's worth in concept, it can be argued that they overpaid, because, at least in part, the implementation neutralizes the concept.

Edit 4: And just for laughs, I'll mention that clicking on any of the options under "Help and Support" in Rapport's pref pane while Safari is already open results in the launch of a second Safari that doesn't show the Rapport icon in its address bar even though the original Safari does. And nobody ever noticed! And they expect us to notice that the icon has changed color?

Last edited by artie505; 05/04/14 12:16 AM.

Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28900 05/04/14 03:17 PM
Joined: Aug 2009
Likes: 1
Moderator
Originally Posted By: artie505
I've given it considerable thought, and my criminal mind hasn't been able to dream up a single situation in which a CAPTCHA pane would stymie any individual, other, perhaps, than an imbecile, who knows or can guess my admin password.

I'm curious to hear what scenario yours thinks would benefit from one.

I wasn't thinking so much of the CAPTCHA pane as of the admin authentication it was associated with. I suspect the CAPTCHA module was included 'by default', and for the same reason it's included elsewhere despite its limited utility. I do agree with you regarding other questions you can ask about the rationale behind certain aspects of Rapport's functionality and its UI.


alternaut
Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28907 05/05/14 11:05 AM
Joined: Aug 2009
Likes: 15
Attention Rapport users: I learned from a response to a bug report that changes you make to Rapport's "Security Options" pane are not implemented until your Mac has been restarted.


Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28908 05/05/14 11:10 AM
Joined: Aug 2009
Originally Posted By: artie505
Attention Rapport users: I learned from a response to a bug report that changes you make to Rapport's "Security Options" pane are not implemented until your Mac has been restarted.


That's good info and 'tis well to remember. Thanks!

BTW, since Rapport is free, why do you suppose IBM is mucking about with this?


Harv
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28909 05/05/14 11:32 AM
Joined: Aug 2009
Likes: 15
It's free to end users, Harv, but if you take a monstrously long, one-at-a-time trip through Rapport's client list...the list of "Trusted Websites" in its pref pane, you'll see why IBM paid a gigabuck for Trusteer.

By the way, my bad for not noting that "Warn when I submit security data to insecure sites", one of Rapport's "Security Options", is set to "NEVER" by default.

Originally Posted By: Rapport Tech Support
Please be advised that the default status of the policy in question is automatically set to "Never". This has been decided by the organization or banking institutions through which you were offered the Trusteer Rapport software.

My response to the effect that I was not offered Rapport by any institution...that I learned about it only because of your OP, has not been addressed. (And unless I'm completely misunderstanding the pref, I've got no idea why anybody would want it set to "Never" by default.)


Re: Heartbleed & Trusteer Rapport, What's That?
artie505 #28910 05/05/14 12:04 PM
Joined: Aug 2009
Perhaps you understand...

When first going to a [new] bank site or such and presented with the window to enter your name and PW, is it that window that should be added to Rapport or the subsequent window (after log-in) that is to be included? Or both?


Harv
Re: Heartbleed & Trusteer Rapport, What's That?
Pendragon #28921 05/05/14 08:41 PM
Joined: Aug 2009
Likes: 15
When you visit a new site on which you'd like protection, as soon as you get to its login page (Edit: Actually, the first page you get to, login or not.) you need to click on the Rapport icon in your browser's address bar and accept the resultant dropped-down offer.

Then, after you've entered your password and clicked on "Submit", you should get a second drop-down with an offer to protect your password, which you should also accept.

I'll note that the process is subject to glitches: By way of example, I've been unable to protect my Chase Bank p/w on the login page I've traditionally used and have had to log out and access a different login page in order to gain protection. Further, I've had major problems getting my eBay p/w protected, and while I have worked it out, I'm unable to explain how.

As you've noticed, your personally protected sites turn up at the bottom of Rapport's "Trusted Websites" list, but you've got to look under "Warn When Login Information is Used in Unknown Websites" under "Security Options" to see your protected p/w's.

Hope this helps, Harv.

Last edited by artie505; 05/05/14 11:20 PM.
