Just a couple of days after my post about the security of the Poste Italiane home banking website, some things have happened; some others, which were expected to, didn't.
Among the things that have happened, for instance, Google and Firefox identified the website I wrote about as a phishing website, warning visitors about the evil content hosted on those pages. What I signaled was the ease with which these identity stealers can make a perfect copy of the home page of the mentioned service. Today I received another phishing email which points me to this scam website: http://n441.sreeramgateway.com/poste. Again: this one is made using the Poste Italiane contents directly.
I'm angry because I'm looking for a job as a Linux system administrator and it has turned out harder than expected, and on the other side I see these people who claim to be sysadmins but do a very bad job. It's a shame!
And it's astonishing to see that Poste Italiane warns its customers against phishing websites while at the same time its own website continues serving unreferenced static content like CSS stylesheets, images and even Flash clips (see image). This is ridiculous and should not happen. There should be at least a .htaccess file to prevent anyone from opening a CSS stylesheet or an image without it being referenced from the index page of the site. It's a technique implemented to avoid hits on single images reached by users through Google Images search: EASY.
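The same Referer rule can be run over existing access logs to see which outside hosts are pulling the site's static files. The following is an added example, not code from the original post; the hostnames `bank.example` and `clone.example`, the asset extensions and the log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions (not from the post): the site's own hostnames and asset extensions.
OWN_HOSTS = {"bank.example", "www.bank.example"}
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".swf")

# Apache/nginx "combined" format: ... "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def foreign_referers(lines):
    """Count static-asset hits per Referer host that is not one of OWN_HOSTS."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        path = urlsplit(m["path"]).path.lower()  # drops any ?query part
        if not path.endswith(STATIC_EXT):
            continue
        host = (urlsplit(m["referer"]).hostname or "").lower()
        # An empty or "-" Referer is skipped: it names no host to investigate.
        if host and host not in OWN_HOSTS:
            hits[host] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, reserved domains).
TS = "[10/Oct/2009:13:55:36 +0200]"
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET /css/style.css HTTP/1.1" 200 5120 "http://www.bank.example/" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /css/style.css HTTP/1.1" 200 5120 "http://clone.example/poste/" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /img/logo.png?v=2 HTTP/1.1" 200 2048 "http://clone.example/poste/" "Mozilla/5.0"',
    f'192.0.2.44 - - {TS} "GET /flash/intro.swf HTTP/1.1" 200 90210 "http://CLONE.example:8080/poste/" "Mozilla/5.0"',
    f'192.0.2.50 - - {TS} "GET /img/logo.png HTTP/1.1" 200 2048 "-" "curl/8.0"',
    f'192.0.2.51 - - {TS} "GET /login HTTP/1.1" 200 700 "http://other.example/" "Mozilla/5.0"',
    f'192.0.2.52 - - {TS} "GET /img/logo.png HTTP/1.1" 200 2048 "https://images.search.example/q" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, count in foreign_referers(SAMPLE).most_common():
        print(f"{count:4d}  {host}")
```

A Referer check only covers hotlinked files: assets copied onto the clone's own server never appear in these logs, and the header is supplied by the client.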
So, I can claim that Poste Italiane offers a very low level of security to its home banking customers (me included). Please, please, I beg you, take it seriously; otherwise, we know it's a matter of numbers. After n tries, one fish gets caught, and it does not matter whether you are a security expert or a perfect idiot: it's probability that decides.