Phishing – so many flaws to exploit, so little time



In the last week there was a well-documented writeup of a cross-site scripting vulnerability which had allowed a phisher to pose as a PayPal login with THE LEGIT PAYPAL SSL CERTIFICATE. Brian Krebs at the Security Fix has some details on some of the new and interesting flaws phishers are trying to exploit to separate us from our personal information.


Essentially these vulnerabilities take place on a site where a form has input that is unvalidated or not cut off to include JUST what is needed in the form. So a phisher could force the server to accept other data and, in a manner of speaking, rewrite the page. Tools such as the Netcraft Toolbar can help defend you against this type of phishing, but caution with email links is certainly another defence. Sites would also do well to audit themselves for these vulnerabilities.
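To illustrate the unvalidated form input described above, here is an added example (not from the original post) of a hypothetical search field that is echoed back into the page, first as-is and then with validation and output encoding. The function names, the 40-character limit and the allowed character set are assumptions made for the illustration.

```javascript
// Added example: a hypothetical search form that echoes its "q" field back.
// All names and limits below are illustrative assumptions.
const MAX_LEN = 40;                    // assumption: the field never needs more
const ALLOWED = /^[A-Za-z0-9 ._-]*$/;  // assumption: only these characters are needed

// Vulnerable form: the submitted value is pasted into the HTML as-is, so any
// markup in it becomes part of a page served from the real site (and its certificate).
function renderUnsafe(q) {
  return `<form><input name="q" value="${q}"></form><p>Results for ${q}</p>`;
}

// Output encoding: turn the five HTML-significant characters into entities.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Input validation: cut off by length and accept JUST what the field needs.
function validateQuery(q) {
  const s = String(q);
  if (s.length > MAX_LEN) return { ok: false, reason: "too long" };
  if (!ALLOWED.test(s)) return { ok: false, reason: "illegal characters" };
  return { ok: true, value: s };
}

// Hardened form: validate first, and still encode on output as a second layer.
function renderSafe(q) {
  const v = validateQuery(q);
  if (!v.ok) return `<p>Invalid search term (${v.reason}).</p>`;
  const e = escapeHtml(v.value);
  return `<form><input name="q" value="${e}"></form><p>Results for ${e}</p>`;
}

// Constructed sample inputs: one ordinary term, one carrying markup.
const benign = "blue widgets";
const markup = '"><h1>Injected heading</h1>';

console.log(renderUnsafe(markup)); // the heading becomes live page content
console.log(renderSafe(markup));   // rejected before it reaches the page
console.log(renderSafe(benign));   // ordinary input still works
```

A site auditing itself can run the same markup-bearing sample through every form field and check that the response contains only the encoded form or a rejection.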
