#28686 - 04/22/14 05:38 AM Heartbleed & Trusteer Rapport, What's That?
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
I received email today from USAA and therein, they recommended I install: Trusteer Rapport.

Alas, I have no knowledge of this app and wonder if others here 'bouts have experience with it and what your opinions/recommendations may be.

Perhaps if I better understand how it works rather than what it is supposed to do I would feel less apprehensive. As it is, I'm confused.

Musings most welcome.


Edited by alternaut (04/22/14 07:23 AM)
Edit Reason: fixed incorrect hyperlink
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28687 - 04/22/14 06:20 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
jchuzi Offline


Registered: 08/04/09
Loc: New York State
I received no such email from USAA (and, yes, I do have an account). I know nothing about this app but, on the possibility that your email was a phishing email or spam, I would contact USAA directly (via phone or a known bookmark) and inquire.
_________________________
Jon

OS 10.14.5, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#28688 - 04/22/14 07:29 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I installed Trusteer Rapport on a recommendation from USAA some months ago. It does not interfere with access but provides an additional level of authentication when logging into your USAA account. It can also provide an automatic login to the USAA site. I don't use the automatic login as I have that covered elsewhere, but the additional authentication does provide a warm fuzzy feeling of security.
_________________________
joemikeb • moderator

#28693 - 04/22/14 11:23 PM Re: Heartbleed & Trusteer Rapport, What's That? [Re: joemikeb]
artie505 Online


Registered: 08/04/09
Neither of my two banks, Ally & Chase, is listed in the "Banks" drop-down on the Trusteer d/l page. (Maybe Chase isn't big enough to matter?)

Have you got any idea what the significance of that drop-down is?

Edit: Opened ticket.

Update: The drop-down is a list of Trusteer clients.

Edit: I did a bit of searching, and I think Trusteer's protection against MitB(rowser) attacks is not a duplication of DNSCrypt's MitM(iddle) protection. Am I correct?

Update: Nope! Looks like it is (Couldn't get a working URL.)...

Originally Posted By: Trusteer
> Which attacks does Rapport protect against?
>
> Phishing
>
> A phishing attack is when the attacker builds a phony website (the phishing site) that looks exactly like a website you know and trust (for example your bank's website). The attacker then lures you to visit the phishing website (for example by sending you a fraudulent email). When you arrive at the phishing website you mistakenly believe that this is the real website. As soon as you try to sign into the phishing website, the attacker grabs your login credentials and can now use them to login to the real website, impersonate you and initiate fraudulent transactions.
>
> Pharming
>
> A pharming attack is when the attacker causes your computer to go to a fraudulent website each time you type a real website's name in your web browser address bar. The attack accomplishes this using various techniques such as infecting your desktop with malware or by compromising servers in your ISP's network. Once you arrive at the fraudulent website and try to sign in, the attacker grabs your login credentials and can now use them to login to the real website, impersonate you and initiate fraudulent transactions.
>
> Keyloggers
>
> A Keylogger is malicious software that hides itself inside your computer. The keylogger records keystrokes (i.e. each time you type something on the keyboard) and then sends this information to the attacker. By grabbing your sign-in credentials and other sensitive information and sending them to an attacker, keyloggers enable an attacker to login to your accounts, impersonate you and initiate fraudulent transactions.
>
> Man in the Middle
>
> Man in the middle is an advanced variation of Phishing and Pharming attacks. In this particular attack you sign into the website and start working all the while entirely unaware that all the information exchanged between you and the website is passing to the attacker. The attacker can view any private information and can alter your transactions. For example, if you request to transfer a certain amount of money to a specific payee, the attacker can change the payee's identity and have the money transferred to a different account.
>
> Man in the Browser
>
> "Man in the Browser" is malware that resides inside your browser in the form of an add-on (e.g. toolbar, BHO, browser plug-in). This malware controls everything that happens inside your browser. It is capable of reading sensitive information such as your sign-in credentials and passing them to the attacker. It can also generate transactions on your behalf, such as transferring money from your account to the attacker's account.
>
> Screen Capturing
>
> This term refers to malware that takes pictures of your computer screen and sends them to the attacker. Screen shots can include your account details, balance, and even credentials when the website uses keypads for login.
>
> Session Hijacking
>
> This term refers to malware that steals your session parameters with a specific website and sends this information to the attacker. These session parameters can then be used by the attacker to take over your session with the website and to bypass the authentication process that is required to log into the website.

This app from IBM sounds like a must have, so why is it so obscure?


Edited by artie505 (04/23/14 02:08 AM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28695 - 04/23/14 03:16 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Artie,

One can add sites to the monitored list by clicking on the Trusteer icon (to the right of the Address bar). Once clicked, a drop down menu will present an option to protect that specific site. That feature works with all sites, not just financial institutions.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28696 - 04/23/14 03:31 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
artie505 Online


Registered: 08/04/09
> ...all sites, not just financial institutions.

I assume, then, that the client list is for their own info and has no impact on functionality.

Thanks, Harv, and thanks for starting this thread. Trusteer appears to be a useful and desirable app.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28697 - 04/23/14 03:41 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: artie505
> ...all sites, not just financial institutions.

I assume, then, that the client list is for their own info and has no impact on functionality.


If palliative bromides help, then perhaps the list is of value. Otherwise, fugedaboudit.

Now that USAA is Trusteer champion, I expect we will see more of this app in the marketplace.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28698 - 04/23/14 03:45 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
artie505 Online


Registered: 08/04/09
Have you looked at the list of Trusteer clients on the d/l page? It's extensive enough that I'm surprised that it hasn't popped up sooner, particularly since it's an IBM product.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28699 - 04/23/14 05:43 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: artie505
Have you looked at the list of Trusteer clients on the d/l page? It's extensive enough that I'm surprised that it hasn't popped up sooner, particularly since it's an IBM product.


Yes, though I see it of no user benefit. The sites I added are now at the bottom of the list and they may be edited, and that is fine. But I take exception that IBM's list is not editable, nor can it be hidden. Also, I think the list should be searchable... Maybe in my next life.

Still, I'm glad I have it and 'twas well worth the price.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28700 - 04/23/14 06:25 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: jchuzi]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: jchuzi
I received no such email from USAA (and, yes, I do have an account). I know nothing about this app but, on the possibility that your email was a phishing email or spam, I would contact USAA directly (via phone or a known bookmark) and inquire.


Jon, my apologies for not promptly getting back with you. A bit red-faced am I.

Yes, I did call USAA and they did affirm that the email I received was from them.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28707 - 04/24/14 12:44 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
artie505 Online


Registered: 08/04/09
Feedback filed...along with other stuff! (If the list is editable, does it really need to be hide-able?)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28710 - 04/24/14 02:52 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
artie505 Online


Registered: 08/04/09
The user benefit is that clients of Trusteer clients get extra protection...spelled out in SysPrefs > Trusteer Endpoint Protection > Security Policy (when the disclosure triangles are disclosing).
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28711 - 04/24/14 03:58 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: artie505
Feedback filed...along with other stuff! (If the list is editable, does it really need to be hide-able?)


I would suggest hide-able over edit, just in case one ever wanted (without reinstalling) the deleted data.

And thanks for noting the Trusteer Endpoint Security/Disclosure Triangles.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28713 - 04/24/14 04:12 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
artie505 Online


Registered: 08/04/09
I suspect that the client list is presented in all its glory for promotional purposes; it'd be plenty easy to have the list cached somewhere and to move a client from the cached list to the active list the first time a user visits its site.

Edit: Note that clicking on many of the names in the client list calls up an ad.


Edited by artie505 (04/24/14 04:24 AM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28717 - 04/24/14 11:19 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
For those who have an interest in the mobile version of Trusteer, I began a thread Here.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28720 - 04/24/14 05:29 PM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
artie505 Online


Registered: 08/04/09
To access SysPrefs > Trusteer Endpoint Protection > Security Policy you've got to get past a CAPTCHA pane that says

Quote:
You have chosen to perform an action that requires user approval.

To me, that suggests that an Admin password should be required...that Rapport is insecure in at least one respect, but the CAPTCHA pane suggests that somebody thinks otherwise.

Any ideas?

Edit: Feedback submitted. (This app was clearly not designed by a team that's familiar with OS X.)


Edited by artie505 (04/24/14 05:49 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28883 - 05/03/14 03:06 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
artie505 Online


Registered: 08/04/09
I needed to turn Rapport off as a troubleshooting step, and I was amazed to find that doing so required getting past both an admin authentication pane and a CAPTCHA pane.

Huh?
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28888 - 05/03/14 11:09 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
... [turning off Rapport] required getting past both an admin authentication pane and a CAPTCHA pane.

Huh?

Think about it: that requirement can be considered an additional safety feature to prevent (or at least make more difficult) malicious disabling of Rapport.
_________________________
alternaut moderator

#28889 - 05/03/14 01:32 PM Re: Heartbleed & Trusteer Rapport, What's That? [Re: alternaut]
artie505 Online


Registered: 08/04/09
I've given it considerable thought, and my criminal mind hasn't been able to dream up a single situation in which a CAPTCHA pane would stymie any individual, other, perhaps, than an imbecile, who knows or can guess my admin password.

I'm curious to hear what scenario yours thinks would benefit from one.

This use of CAPTCHA, taken together with its use as the sole security measure protecting Rapport's Security Policy pane, leaves me with the distinct impression that as adept as Rapport's devs are at Internet security, they're equally obtuse about local security.

Addendum: I just turned Rapport back on, and I (only) had to enter my password.

Think about this: Three different situations in which the devs felt that security is required, and three different solutions, two of them relying, either solely or in part, on a security feature that's specifically designed to stymie Internet bots, not people.

Edit: And considering its vulnerabilities, why isn't a password required to access the pref pane in the first place?

Edit 2: And when I asked tech support why user added protected sites can be deleted, poof, just like that...no password, no CAPTCHA, their answer was that the applicable security feature is that users will notice that their icons have turned from green to (a very similarly colored) grey on the unprotected sites. (And what about users who don't opt for an icon in their address bar?)

Again... Huh?

Edit 3: IBM paid a GigaBuck for Trusteer, and while they may have gotten their money's worth in concept, it can be argued that they overpaid, because, at least in part, the implementation neutralizes the concept.

Edit 4: And just for laughs, I'll mention that clicking on any of the options under "Help and Support" in Rapport's pref pane while Safari is already open results in the launch of a second Safari that doesn't show the Rapport icon in its address bar even though the original Safari does. And nobody ever noticed! And they expect us to notice that the icon has changed color?


Edited by artie505 (05/03/14 05:16 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28900 - 05/04/14 08:17 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
I've given it considerable thought, and my criminal mind hasn't been able to dream up a single situation in which a CAPTCHA pane would stymie any individual, other, perhaps, than an imbecile, who knows or can guess my admin password.

I'm curious to hear what scenario yours thinks would benefit from one.

I wasn't thinking so much of the CAPTCHA pane as of the admin authentication it was associated with. I suspect the CAPTCHA module was included 'by default', and for the same reason it's included elsewhere despite its limited utility. I do agree with you regarding other questions you can ask about the rationale behind certain aspects of Rapport's functionality and its UI.
_________________________
alternaut moderator

#28907 - 05/05/14 04:05 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
artie505 Online


Registered: 08/04/09
Attention Rapport users: I learned from a response to a bug report that changes you make to Rapport's "Security Options" pane are not implemented until your Mac has been restarted.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28908 - 05/05/14 04:10 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: artie505
Attention Rapport users: I learned from a response to a bug report that changes you make to Rapport's "Security Options" pane are not implemented until your Mac has been restarted.


That's good info and 'tis well to remember. Thanks!

BTW, since Rapport is free, why do you suppose IBM is mucking about with this?
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28909 - 05/05/14 04:32 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
artie505 Online


Registered: 08/04/09
It's free to end users, Harv, but if you take a monstrously long, one-at-a-time trip through Rapport's client list...the list of "Trusted Websites" in its pref pane, you'll see why IBM paid a gigabuck for Trusteer.

By the way, my bad for not noting that "Warn when I submit security data to insecure sites", one of Rapport's "Security ( tongue ) Options" is set to "NEVER" by default.

Originally Posted By: Rapport Tech Support
Please be advised that the default status of the policy in question is automatically set to "Never". This has been decided by the organization or banking institutions through which you were offered the Trusteer Rapport software.

My response to the effect that I was not offered Rapport by any institution...that I learned about it only because of your OP, has not been addressed. (And unless I'm completely misunderstanding the pref, I've got no idea why anybody would want it set to "Never" by default.)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28910 - 05/05/14 05:04 AM Re: Heartbleed & Trusteer Rapport, What's That? [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Perhaps you understand...

When first going to a [new] bank site or such and presented with the window to enter your name and PW, is it that window that should be added to Rapport or the subsequent window (after log-in) that is to be included? Or both?
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28921 - 05/05/14 01:41 PM Re: Heartbleed & Trusteer Rapport, What's That? [Re: Pendragon]
artie505 Online


Registered: 08/04/09
When you visit a new site on which you'd like protection, as soon as you get to its login page (Edit: Actually, the first page you get to, login or not.) you need to click on the Rapport icon in your browser's address bar and accept the resultant dropped-down offer.

Then, after you've entered your password and clicked on "Submit", you should get a second drop-down with an offer to protect your password, which you should also accept.

I'll note that the process is subject to glitches: By way of example, I've been unable to protect my Chase Bank p/w on the login page I've traditionally used and have had to log out and access a different login page in order to gain protection. Further, I've had major problems getting my eBay p/w protected, and while I have worked it out, I'm unable to explain how.

As you've noticed, your personally protected sites turn up at the bottom of Rapport's "Trusted Websites" list, but you've got to look under "Warn When Login Information is Used in Unknown Websites" under "Security Options" to see your protected p/w's.

Hope this helps, Harv.


Edited by artie505 (05/05/14 04:20 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire


Moderator:  alternaut, cyn