Online Bill Paying…Other than CheckFree?
Follow up: This does seem to be mainly a flaw in the registrar validation system for what are admittedly attractive targets for domain hijacking. Two comments in the post you linked list this strategy: ” … find out what your financial institution’s IP addresses are (use cmd.exe and type nslookup YOURBANK.com) and put those host names and IP addresses in your [Windows] hosts file” This would bypass the domain registry system – you’d be effectively doing that job yourself. I’m sure there are drawbacks, but it would protect you from this one type of (admittedly high-probability) attack. I think this is the only way to really have more security than you’d have with any given online bill payment system, or really any online system that’s an attractive target for this type of exploit.
