Stopping the cross-site authentication attack

STRANGE PHISHING

Article from Issue 60/2005
Author(s):

A new form of phishing attack deposits an HTML tag on the vulnerable service to trap users into authenticating.

Phishing messages should be a familiar sight to most readers. They appear to come from your bank or eBay and ask you to enter your credentials on a spoofed login page. A phishing attack uses trickery to spy on user credentials. Another method, known as cross-site scripting (XSS, as CSS stands for Cascading Style Sheets), places active code on a vulnerable page. The unsuspecting user’s web browser runs the code and sends the user’s login data to the attacker.

Buy this article as PDF

Download Article PDF now with Express Checkout
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
SUBSCRIPTIONS
Print Subscriptions
Digital Subscriptions

Related content

  • Phishing and Pharming

    The pharmers and phishers are after your precious financial infor-mation. We’ll show you how to protect your interests.

    more »
  • Safer Surfing

    Do you know enough to surf free of the liars and spies? We’ll show you how to stay ahead of the traps.

    more »
  • Security Lessons

    Sometimes, even ING, YouTube, The New York Times, and Google get it wrong.

    more »
  • WebAuthn

    FIDO2 authentication with WebAuthn may be sounding the end of the password age.

    more »
  • Hijacking Browsers

    Bits of JavaScript from a malicious website can put your browser in a trance. A tool called BeEF encapsulates that power in a most diabolical way, providing yet another reason to avoid unknown links and keep your browser up to date.

    more »
comments powered by Disqus