Phishing – so many flaws to exploit so little time



In the last week there was a well-documented writeup of a cross-site scripting vulnerability which had allowed a phisher to pose as a PayPal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to separate us from our personal information.


Essentially these vulnerabilities take place on a site where a form has input that is unvalidated or not cut off to include JUST what is needed in the form. So…. a phisher could force the server to accept other data/rewrite the page in a manner of speaking. Tools such as the Netcraft toolbar can help defend you against this type of phishing – but caution with email links is certainly another defence. Also, sites would do well to audit themselves for these vulnerabilities.
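
An added example (not from the original post) of the flaw described above and of a check a site could run when auditing itself: a handler that pastes form input into the page, next to one that accepts just what the field needs and encodes on output. The field name, validation rule, page template and probe string are assumptions constructed for illustration.

```python
import html
import re

# Assumed rule for a hypothetical "name" form field: letters, digits, space,
# apostrophe, dot and hyphen only, at most 32 characters.
NAME_RULE = re.compile(r"[A-Za-z0-9 '.\-]{1,32}")

# Constructed probe: harmless markup that only shows whether input is
# reflected into the page without encoding.
PROBE = 'x"><b>probe</b>'

# Constructed page template; {0} is where the submitted value lands.
PAGE = '<form><input name="name" value="{0}"></form><p>Hello {0}</p>'


def render_unsafe(name: str) -> str:
    """Flawed pattern: the submitted value is pasted into the HTML as-is."""
    return PAGE.format(name)


def render_safe(name: str) -> str:
    """Accept just what the field needs, then HTML-encode on output."""
    if not NAME_RULE.fullmatch(name):
        # Reject without echoing the submitted value back.
        return "<p>Invalid name.</p>"
    # Encoding still matters after validation: the apostrophe is allowed
    # by the rule but must not reach the attribute unencoded.
    return PAGE.format(html.escape(name, quote=True))


def reflects_raw(render) -> bool:
    """Self-audit check: does the page return the probe's markup unencoded?"""
    return "<b>probe</b>" in render(PROBE)


if __name__ == "__main__":
    print("unsafe handler reflects markup:", reflects_raw(render_unsafe))
    print("safe handler reflects markup:  ", reflects_raw(render_safe))
    print(render_safe("O'Brien"))
```
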
