Phishing – so many flaws to exploit so little time



In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit to seperate us from our personal information.


Essentially these vulnerabilities take place on a site where a form has input that is unvalidate or not cut off to include JUST what is needed in the form. So…. a phisher could force the server to accept other data/rewrite the page in a manner of speaking. Tools such as the netcraft toolbar can help defend you against this type of phishing – but caution with email links is certainly another defence. Also, it would do well if sites were to audit their own sites for these vulnerabilities.

Related Posts

Blog Traffic Exchange Related Posts
  • Exploit for Unpatched Internet Explorer vulnerability Well.... buckle your seatbelts it's going to be a bumpy start to the week. the securityfix as well as incidents.org are reporting on exploit code that has been released that takes advantage of an unpatched Internet Explorer vulnerability. According to the Sans institute diary entry... they have tested the exploit......
  • Protecting yourself from Phishing attacks OK - well if you know what phishing is. You may already be ahead of the game. By now you've probably seen the messages. From:security@yourbank.com to:youremailaddress@isp.com subject:Security breach of your account text: It has come to our attention that there have been numerous ip addresses attempting to access your account......
  • The Great Lizamoon SQL Injection Attack - March-April 2011 Well - Friday things started getting interesting on tech news sites. Most sites were running phony April fools stories and a few including websense was running with a major attack going on against many SQL based websites. Details were sketchy - people were told to look for ur.php files in......
Blog Traffic Exchange Related Websites
  • Strengthen Web Page Ranking In Three Uncomplicated Steps Substantial site list is important for every small business owner, specially Online Business. The larger your site has a high ranking on google success, the better website traffic it becomes. And we all believe that more site visitors usually means more income. So how do you in fact boost web......
  • How to Install a Home Security System: Most Common Pitfalls Installing a home security system might seem easy. To be sure, it’s a lot easier to install one today than it was just a decade ago. Inexpensive consumer electronics components combined with robust wireless technology means that even an amateur can put in a decent system. Just because it’s easy,......
  • How Crucial Are Flash Files In Site Style I am positive that if you are visiting this page, you will be interested in 99 designs. The internet has proved to be the busiest and fast rising on the net local community primary to improved competition that incredibly fierce and stiff. Certainly, competition for visitors and plenty much more......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site