Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Phishing - so many flaws to exploit so little time

In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE.... Brian Kreb…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE.... Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit to seperate us from our personal information.


Essentially these vulnerabilities take place on a site where a form has input that is unvalidate or not cut off to include JUST what is needed in the form. So.... a phisher could force the server to accept other data/rewrite the page in a manner of speaking. Tools such as the netcraft toolbar can help defend you against this type of phishing - but caution with email links is certainly another defence. Also, it would do well if sites were to audit their own sites for these vulnerabilities.