Phishing – so many flaws to exploit so little time



In the last week there was a well-documented writeup of a cross-site scripting vulnerability which had allowed a phisher to pose as a PayPal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to separate us from our personal information.


Essentially these vulnerabilities take place on a site where a form has input that is unvalidated or not cut off to include JUST what is needed in the form. So…. a phisher could force the server to accept other data/rewrite the page, in a manner of speaking. Tools such as the Netcraft toolbar can help defend you against this type of phishing – but caution with email links is certainly another defence. Also, sites would do well to audit themselves for these vulnerabilities.
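To make the form problem concrete, here is an added example (not code from PayPal or from the writeup mentioned above) showing a login field echoed back unvalidated next to a version that accepts only what the field needs and encodes on output, plus a small self-audit check. The function names, the field rule and the probe string are all assumptions made for illustration.

```javascript
// Added example: names, field rule and sample input are constructed for illustration.

// Encode the five characters that let text break out of HTML element or attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Input validation: accept JUST what the field needs (assumed rule: an
// e-mail-like login name, at most 64 characters). Anything else is rejected.
const LOGIN_RULE = /^[A-Za-z0-9._%+-]{1,40}@[A-Za-z0-9.-]{1,23}$/;
function validateLogin(value) {
  return typeof value === "string" && value.length <= 64 && LOGIN_RULE.test(value);
}

// Vulnerable form: the submitted value is echoed back into the page as-is,
// so markup in the value becomes part of the page the browser renders.
function renderLoginUnsafe(login) {
  return `<form method="post"><input name="login" value="${login}"></form>`;
}

// Hardened form: drop values that fail validation, and encode on output
// anyway so a gap in the validation rule cannot rewrite the page.
function renderLoginSafe(login) {
  const value = validateLogin(login) ? login : "";
  return `<form method="post"><input name="login" value="${escapeHtml(value)}"></form>`;
}

// Self-audit helper: submit a harmless marker containing markup characters
// and report whether the page reflects it unencoded.
function reflectsRawMarkup(render) {
  const marker = '"><i id="audit-marker">'; // constructed, inert probe
  return render(marker).includes(marker);
}

console.log("unsafe reflects raw markup:", reflectsRawMarkup(renderLoginUnsafe));
console.log("safe reflects raw markup:  ", reflectsRawMarkup(renderLoginSafe));
```

A site auditing itself would run the same kind of marker check against every field that is echoed back into a page, not just the login form.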
