Phishing – so many flaws to exploit so little time



In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit to seperate us from our personal information.


Essentially these vulnerabilities take place on a site where a form has input that is unvalidate or not cut off to include JUST what is needed in the form. So…. a phisher could force the server to accept other data/rewrite the page in a manner of speaking. Tools such as the netcraft toolbar can help defend you against this type of phishing – but caution with email links is certainly another defence. Also, it would do well if sites were to audit their own sites for these vulnerabilities.

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 14 - Alternative software There are ways that risks can be avoided. Recently, there was what was called a zero-day exploit for Internet Explorer. As I write this, the exploit surfaced 3 weeks ago and tomorrow there will be a patch. The vulnerability would allow remote code execution through a vulnerability in the way......
  • Protecting yourself from Phishing attacks OK - well if you know what phishing is. You may already be ahead of the game. By now you've probably seen the messages. From:security@yourbank.com to:youremailaddress@isp.com subject:Security breach of your account text: It has come to our attention that there have been numerous ip addresses attempting to access your account......
  • Wireless exploits coming to Metasploit 3... and the script kiddies rejoiced... It reads as though Metasploit 3 will make it easier than ever for script kiddies everywhere to take full advantage of the local wireless hotspots. Of course, metasploit has it's good uses by people legitimately testing systems that they are responsible for, for vulnerabilities. But,......
Blog Traffic Exchange Related Websites
  • Three Reasons You Need a Great Header Graphic for Your Web Site The single most important graphic element on your Web site or blog is, without a doubt, your header graphic. If your site lacks an eye-catching, targeted and topic-specific header graphic, it runs the risk of being ignored by untold numbers of potential clients and readers. But an attention-grabbing, well-designed header......
  • Why Produce Links? A link building, or creating backlinks, is a strategy to get site readers to your website. The concept was started by Google stating that in a case where one specific internet site features a back link which points to some various other websites. Which means that the connecting webpage......
  • Strengthen Web Page Ranking In Three Uncomplicated Steps Substantial site list is important for every small business owner, specially Online Business. The larger your site has a high ranking on google success, the better website traffic it becomes. And we all believe that more site visitors usually means more income. So how do you in fact boost web......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site