Phishing – so many flaws to exploit so little time



In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit to seperate us from our personal information.


Essentially these vulnerabilities take place on a site where a form has input that is unvalidate or not cut off to include JUST what is needed in the form. So…. a phisher could force the server to accept other data/rewrite the page in a manner of speaking. Tools such as the netcraft toolbar can help defend you against this type of phishing – but caution with email links is certainly another defence. Also, it would do well if sites were to audit their own sites for these vulnerabilities.

Related Posts

Blog Traffic Exchange Related Posts
  • More on Explorer vulnerability Among other things... Sans has lowered the infocon to green, NOT that the threat is diminished, but there have been no new developments with regards to the announcement yesterday of a major Internet Explorer security vulnerability. Sans recommends browsing the web with firefox (with the noscript extension, so you can......
  • Wireless exploits coming to Metasploit 3... and the script kiddies rejoiced... It reads as though Metasploit 3 will make it easier than ever for script kiddies everywhere to take full advantage of the local wireless hotspots. Of course, metasploit has it's good uses by people legitimately testing systems that they are responsible for, for vulnerabilities. But,......
  • Network Security guide for the home or small business network - Part 14 - Alternative software There are ways that risks can be avoided. Recently, there was what was called a zero-day exploit for Internet Explorer. As I write this, the exploit surfaced 3 weeks ago and tomorrow there will be a patch. The vulnerability would allow remote code execution through a vulnerability in the way......
Blog Traffic Exchange Related Websites
  • Why Produce Links? A link building, or creating backlinks, is a strategy to get site readers to your website. The concept was started by Google stating that in a case where one specific internet site features a back link which points to some various other websites. Which means that the connecting webpage......
  • Navigating Hunting Sites There are thousands and thousands of hunting sites online. Someone who enjoys hunting and surfing the Internet could spend weeks just discovering new sites and evaluating them. Because so many new sites go up each day, it would be a never ending pursuit. But because there are so many, that......
  • Nut Web Site Instantly Assured SEO or search engine marketing techniques are relating to the art of traffic generation, on earth of internet affiliate marketing there is a renowned saying inidicating that lots of targeted traffic equals money; in all likelihood that most SEOs know this is now true. Internet ventures are frequently a failure......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site