An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Page 1 of 2 1 2
Rapport: any opinions?
#5168 10/20/09 06:30 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
I use my bank's On Line Banking to move money around accounts, check balances, and pay people.

In the last two days they've been badgering me (=nagging me) to sign up for, and download something called Rapport, for extra on-line protection.

They've detected that I'm on a Mac, and highlight the Mac version.

So far I've clicked past it, thinking "uh-huh".

What do other people think of this Rapport? Has anyone heard of it? Should I do it, or is it just more flim-flam?

Here's a link:

http://www.natwest.com/personal/online-b...OTC-rapportFURL

Some outfit called Trusteer seems to be involved.

All comments welcome. Thanks, Bensheim

Re: Rapport: any opinions?
Bensheim #5176 10/21/09 03:36 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Looks like this a British thing, not widely used in the US. I tried to install and my bank site where I go online is highlighted in green as they promise. However, other banks where I check the credit cards do not show it. I could find a couple of reviews; they are not glowing at all but it might be related to the fact that people don't understand it. One poster frankly wrote that he could not understand the usefulness because there are no messages or warnings. Since your bank urges you to install it (make sure it is the bank and not somebody else - call the customer service), I would do it. On the other hand, iCab warns you if you visit a phishing or malware distributing site keeping the Google database up to date to a day. Rapport claims to check for keystroke recorders as well, which my be good for us. Generally, I am not sure how it does the tricks it claims to do.
The program installs a folder Rapport in the main library; there is an uninstaller file. I am not sure how to uninstall with it.
Would also be curious about others' opinions.
Cheers


Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5181 10/21/09 05:28 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
It appears this may be one of those products that protects Macs against threats that do not exist on the Mac — at least at this time.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Rapport: any opinions?
joemikeb #5182 10/21/09 05:37 PM
Joined: Aug 2009
Offline

Joined: Aug 2009


Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5184 10/21/09 05:49 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
Installing that would require $100 for the product, physical access to the computer to be monitored, and an administrative account on that computer. Given physical access to the computer and knowledge of admin passwords, security is ephemeral at the very best, and no add on software product will be able to protect you.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Rapport: any opinions?
joemikeb #5190 10/21/09 10:51 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
But don't phishers and pharmers get passwords and remote control as well?


Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5204 10/22/09 03:49 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
If you are going to cooperate with a phisher or pharmer by willingly providing them with your account password, then no software application can possibly protect you from yourself.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Rapport: any opinions?
joemikeb #5217 10/22/09 10:20 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
True, but do we know easy means to discern the phishing site from a real one? If we get an unusual query from the "bank", we can always call it or go to the original website and try to find out. However, if there is a software that warns us about the site's possible bad nature, it should be helpful. On the other hand, my trusted iCab has an option for this warning.
P.S. On the Trusteer (Rapport maker) web site there is a list of banks collaborating with it. There are some American ones, generally rather small; most are in Europe.

Last edited by macnerd10; 10/22/09 10:21 PM.

Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5223 10/23/09 04:34 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
> True, but do we know easy means to discern the phishing site from a real one?

Well... For starters, there's Google Safe Browsing API (which, I believe, is included with all current versions of Safari), described in more detail here.

(The Safe Browsing database is located at /private/var/folders/TE/TEdLZdGD2Rmh0U+F72QxX++++TI/-Caches-/com.apple.Safari/SafeBrowsing.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Rapport: any opinions?
artie505 #5260 10/24/09 02:24 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Thanks for the info!


Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5281 10/24/09 06:30 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
One of the simplest, most effective antiphishing practices you can do is never click on a link to go to a secured site. 95% of that refers to clicking on links emailed to you. Most banks now say "go to your browser and type 'bankname.com' to view your statment" Several months ago I got an email with a clickable link from my bank to sign up for some additional free service. I called them up and they said they'd gotten numerous complaints from other bank customers and it was their bad and would not be repeated.

The other 5% (on mac, 85% on windows) is never click on a link on a web page that says you have a problem and click here to fix it.


I work for the Department of Redundancy Department
Re: Rapport: any opinions?
Virtual1 #5296 10/25/09 02:17 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
The last one is obvious. Unless they control your computer, they would have no way of telling that you have any problem! A hook for total newbies, I guess, and mostly Windows users as you rightly pointed out.
On a general note, I wish someone would write a sort of tutorial on what to do and, especially, on what not to do on the web in order to protect the computer and private info. A perfect FAQ topic right there!

Last edited by macnerd10; 10/25/09 02:17 AM.

Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5337 10/26/09 05:54 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: macnerd10
True, but do we know easy means to discern the phishing site from a real one? If we get an unusual query from the "bank", we can always call it or go to the original website and try to find out. However, if there is a software that warns us about the site's possible bad nature, it should be helpful. On the other hand, my trusted iCab has an option for this warning.
P.S. On the Trusteer (Rapport maker) web site there is a list of banks collaborating with it. There are some American ones, generally rather small; most are in Europe.


I've actually written articles about this, most notably here and here.

What it comes down to is that phishers rely on a weakness in the human brain. Our brains are designed for pattern matching and pattern recognition, so that we feel a sense of familiarity when we see a familiar pattern embedded in something we observe, and we often stop observing the thing once we recognize a pattern.

So for example if you tell someone "Always look at the URL of a site before you trust it," and a phisher uses a web URL like signin.ebay.com.ws.eBayISAPI.dll.4333737474.ru/?Signin, most people will look at that and say "I have always been told to make sure that the URL says ebay.com and this URL says ebay.com so it must be legitimate." Our eyes tend to quit scanning when we recognize the familiar pattern, and on top of that most folks simply do not understand how URLs work so they do not know that the name of the server is always the part just before the first /, so they don't realize they're actually at signin.ebay.com.ws.eBayISAPI.dll.4333737474.ru/?Signin and that the name of the site they are on is not ebay.com but rather 4333737474.ru.

You can tell simply by looking at a URL whether you're on a legitimate Web site or not, but it requires two things: first, understanding how to read a URL, and second, training yourself to force yourself to read the whole thing even though your brain is naturally programmed to stop paying attention as soon as you see a familiar pattern.

Last edited by tacit; 10/26/09 05:55 PM.

Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Rapport: any opinions?
tacit #5343 10/26/09 07:09 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Fascinating!

Thanks, tacit.

(It's amazing how few words it took you to clarify such a complex matter.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Rapport: any opinions?
tacit #5346 10/26/09 10:31 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Very interesting. However, I must say that it may not be that easy and obvious. I once was nearly a victim of phishers who ended up inserting their e-mail address into my PayPal account. Nothing happened because I was notified of this development. But I went to the web site and gave away some of my PayPal info. The thing really looked like PayPal without any strange domain names. My take would be that the sophistication of thieves is always a step ahead or at least au par with the police.
Another thing that I was just saying that the browser should be able (some of them already are) to discern this kind of site. On the other hand, if a suspicious e-mail comes asking to urgently visit a site, I always go to View source in Entourage and see what this is about. The info Entourage gets without opening the message is very illuminating, up to a different sender's address than the one showing in the message. I wish all e-mail programs were like this.


Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5351 10/27/09 03:57 AM
Joined: Sep 2009
Offline

Joined: Sep 2009
Originally Posted By: macnerd10
Very interesting. However, I must say that it may not be that easy and obvious. I once was nearly a victim of phishers who ended up inserting their e-mail address into my PayPal account. Nothing happened because I was notified of this development. But I went to the web site and gave away some of my PayPal info. The thing really looked like PayPal without any strange domain names.

I think the only way that could be done is if they hijacked the PayPal site itself.

Or... perhaps the first part of url was so long that the domain name was sitting beyond the viewable limits of the address bar, so you didn't see it actually. Something like:

http://www.finetunedmac.com.ThisIsAFakeUrl-1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij.HereIsTheDomain.com/somepage.php

Originally Posted By: macnerd10
On the other hand, if a suspicious e-mail comes asking to urgently visit a site, I always go to View source in Entourage and see what this is about. The info Entourage gets without opening the message is very illuminating, up to a different sender's address than the one showing in the message. I wish all e-mail programs were like this.

Most email programs do that. I'm liking Postbox a lot so far. [new update 1.0.2 just released]

Re: Rapport: any opinions?
Hal Itosis #5356 10/27/09 06:18 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Thanks for the info! Looks like Postbox can consolidate different e-mail accounts - this must be real handy.

P.S. Concerning PayPal story, the url was not that different from a real one (with some minor things that I obviously overlooked). Since I gave them my login info they could easily get into the account. I guess, they would not activate it immediately and that was a big mistake because PayPal notified me of a new e-mail attached to the account. The next day it was closed and a week later PayPal opened a new one for me, with a new password. The phishers bombarded me with "urgent" e-mails another two weeks and then vanished.

Last edited by macnerd10; 10/27/09 06:22 AM.

Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
Hal Itosis #5370 10/27/09 01:08 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
usually insisting they see a padalock, while possibly less foolproof, tends to be more secure. The phishers don't normally register an ssl certificate for their domain (so they can https) since it will get blacklisted within 8 hours or so and those things are pricey.

I've seen more than one phishing site that had a gold padlock as their tiny url icon, or a bar across the top meant to look like the URL bar with a padlock in it, so obviously they recognize this weakness.


I work for the Department of Redundancy Department
Re: Rapport: any opinions?
macnerd10 #5467 10/29/09 12:52 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: macnerd10
Another thing that I was just saying that the browser should be able (some of them already are) to discern this kind of site. On the other hand, if a suspicious e-mail comes asking to urgently visit a site, I always go to View source in Entourage and see what this is about. The info Entourage gets without opening the message is very illuminating, up to a different sender's address than the one showing in the message. I wish all e-mail programs were like this.


Unfortunately, the browser warning isn't reliable. It works by comparing the URL of the site you are at to a list of known fake URLs maintained by Google. If the URL you are at is on the list of known fakes, you see the warning.

There are two weaknesses in that approach. First, the phishers are creating thousands of new phish sites every day, so the list can never keep up. I have seen phish sites that are online for a week or more and still have not yet made it onto the list.

Second, phishers often put fake sites up by hacking real, legitimate Web sites and then uploading the phish page. If the URLs do finally get reported to Google and make it onto the list, the Web site owner might remove the phish page and fix the security hole that let him get hacked--but his site, which has now been fixed, is still listed as a fraudulent site, because URLs aren't always removed promptly from the list when the phish is taken down.

Originally Posted By: Virtual1
usually insisting they see a padalock, while possibly less foolproof, tends to be more secure. The phishers don't normally register an ssl certificate for their domain (so they can https) since it will get blacklisted within 8 hours or so and those things are pricey.

I've seen more than one phishing site that had a gold padlock as their tiny url icon, or a bar across the top meant to look like the URL bar with a padlock in it, so obviously they recognize this weakness.


Yep, that's actually a poblem with the way the brain works too.

You tell people "Look for a padlock" so they look for a padlock. If they see a padlock anywhere on the page they say "I know this is a real site, because I was instructed to look for a padlock and there it is." To someone who does not understand a great deal about Web browsers, it makes no difference whatsoever how many times you say "look for a padlock outside the page" or "look for a padlock in the browser's address bar". To an unsophisticated user "outside the page" makes no sense because they think of the entire window, including all the gadgets and the close icon and everything, as "the page" (think of the number of folks who think that Internet Explorer is "the Internet!") and they are not quite sure what an "address bar" is so they hear "look for a padlock mumble something something."

It's amazing. I've sat with clients, told them "look for a padlock in the address bar," then watched them surf to a site and they'll point ot a picture of a padlock inside the page and say "See, there it is! This page must be safe." These are not stupid people, either.

I think that the security industry thinks about this the wrong way. I think that placing a picture or an icon to show that a page is secure is the wrong thing to do. If it were up to me, I would do it the other way around: on every page that was NOT secure, I would have the browser display a message reading "This page is not secure, and the identity of this page can not be trusted" in red letters underneath the address bar, and make those words go away when you access a secure site.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Rapport: any opinions?
tacit #5480 10/30/09 06:29 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Unfortunately it gets "complicater and complicater" on the other end too. Recently, my legitimate Bank of America accounts site with "double" security (password and personalized picture) started displaying a message from iCab that its certificate cannot be verified. When I ignore the message and get it, I see all my transactions in order, which would not have happened in a phisher site unless the bank's site was totally hacked. And no suspicious activity. So, how come such "secure" sites allow this message? Why are the banks so reckless? Beats me.


Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN
Re: Rapport: any opinions?
macnerd10 #5852 11/16/09 02:08 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: macnerd10
Unfortunately it gets "complicater and complicater" on the other end too. Recently, my legitimate Bank of America accounts site with "double" security (password and personalized picture) started displaying a message from iCab that its certificate cannot be verified. When I ignore the message and get it, I see all my transactions in order, which would not have happened in a phisher site unless the bank's site was totally hacked. And no suspicious activity. So, how come such "secure" sites allow this message? Why are the banks so reckless? Beats me.

The phisher site doesn't need to hack the bank's site. Just by way of example...

Suppose the phisher sets up a site at https://www.bankamerica.com. (Notice that the real site is at bankofamerica.) Somehow, they entice you to go there. Or more interestingly, they subvert DNS so that the correct url resolves to the phisher's site instead of the bank's.

Now they do a classic man-in-the-middle attack. You have a secure (https) connection to the phisher, the phisher has a secure connection to the bank. Everything you say to the phisher, the phisher says to the real bankofamerica. Every answer coming back from bankofamerica is relayed by the phisher back to you.

That includes the login process. You type your password, the phisher makes a note of it, and sends it on to the bank. The bank sees the correct password and figures you're just logging in from a different computer today. It has no reason to believe the phisher isn't you.

You ask to see your account data, so the phisher asks to see your account data. The bank sends it all to the phisher, the phisher sends it all to you. You're seeing what you expect to see (except for some pesky little warning message that you choose to ignore), the bank sees what it expects to see (your valid password), and the phisher sees it all.

You log out, the phisher logs out (so it can show you the correct logout screen), then immediately logs back in and cleans you out.

I've glossed over a few details, chief of which is that bankofamerica won't show that picture to any other computer than the one you were using when you picked the picture. When the phisher logs in from a different computer, it doesn't get that picture and cannot pass it along to you.

And if you requested the correct URL but somehow landed on a bogus site, you will get a message about the certificate being wrong. That's the whole point of certificates. But if they tricked you into going to the wrong site and somehow got their own certificate at that site, there will be no such warning. That's what bankofamerica's login picture is all about, to close that loophole.

But the principle remains. Don't ignore that error message. Don't ignore a missing picture. Just because you see your accounts and your transactions doesn't mean you're really talking (directly) to your bank.

Re: Rapport: any opinions?
ganbustein #5857 11/16/09 08:41 AM
Joined: Aug 2009
Likes: 14
Online

Joined: Aug 2009
Likes: 14
This whole thread is extraordinarily interesting reading. I have had some of the experiences, including the certificate warning just the other day. Being very paranoid about internet bandits I stopped and got to the site I wanted by looking through previous history and using a stored page.

Thanks everyone for taking the time to be so fulsome.

Is this a topic requiring a more prominent place, such as our FAQ page?

ryck


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Rapport: any opinions?
ganbustein #5918 11/19/09 02:09 AM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: ganbustein
The phisher site doesn't need to hack the bank's site. Just by way of example...

Suppose the phisher sets up a site at https://www.bankamerica.com. (Notice that the real site is at bankofamerica.) Somehow, they entice you to go there. Or more interestingly, they subvert DNS so that the correct url resolves to the phisher's site instead of the bank's.


This is not a theoretical attack. This is exactly what the Windows W32/Zlob malware, and its Mac cousin, OSX.DNSchanger, does.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Rapport: any opinions?
ganbustein #5927 11/19/09 07:51 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
> [...] bankofamerica won't show that picture to any other computer than the one you were using when you picked the picture. When the phisher logs in from a different computer, it doesn't get that picture and cannot pass it along to you.

And if you requested the correct URL but somehow landed on a bogus site, you will get a message about the certificate being wrong. That's the whole point of certificates. But if they tricked you into going to the wrong site and somehow got their own certificate at that site, there will be no such warning. That's what bankofamerica's login picture is all about, to close that loophole.


Thanks for that.

I've asked the support people at a coupl'a banks about the significance of those security pictures without getting a knowledgeable answer.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Rapport: any opinions?
artie505 #5956 11/20/09 01:56 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
tho SSL certificates cost quite a lot, and if you've got a domain name that's just going to get confiscated tomorrow there's a lot of risk in buying an SSL certificate that's got such a short useful life. (tho I suppose if you get enough suckers, it'll pay for itself?)

I've worked for three places so far that didn't consider ssl certs affordable. And with imap you either buy the cert, or deal with the cert warnings in your email reader. (thankfully fixed in recent versions of apple mail)


I work for the Department of Redundancy Department
Page 1 of 2 1 2

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.041s Queries: 66 (0.028s) Memory: 0.7178 MB (Peak: 0.9067 MB) Data Comp: Zlib Server Time: 2024-03-28 08:19:18 UTC
Valid HTML 5 and Valid CSS