Introduction About Site Map

XML
RSS 2 Feed RSS 2 Feed
Navigation

Main Page | Blog Index

Friday, June 24th, 2005, 2:23 pm

Phishing Vulnerability

Devil

ZDNet Australia writes (on behalf of Secunia) about potential phishing attacks which affect all major browsers.

How does this exploit work?

  • A user arrives at a malicious site
  • The site re-direct the user to a trusted site while opening a pop-up
  • The user gets fooled into entering a password in the pop-up
  • While the user believes that the password reaches the trusted site, it actually reaches the malicious one

Pop-up windows, JavaScript and their nasty siblings again take the blame, but if someone is foolish enough to log in via pop-ups, perhaps the flaw lies within the user. Very few sites, if any, will use child windows to request details. It is understandable that many surfers are unaware of that, but they probably ought to stay away from malicious sites to begin with, or at least disable some browser functionality.

Comments are closed.

Back to top

Retrieval statistics: 21 queries taking a total of 0.154 seconds • Please report low bandwidth using the feedback form
Original styles created by Ian Main (all acknowledgements) • PHP scripts and styles later modified by Roy Schestowitz • Help yourself to a GPL'd copy
|— Proudly powered by W o r d P r e s s — based on a heavily-hacked version 1.2.1 (Mingus) installation —|