Stopping the cross-site authentication attack

STRANGE PHISHING

Article from Issue 60/2005
Author(s):

A new form of phishing attack deposits an HTML tag on the vulnerable service to trap users into authenticating.

Phishing messages should be a familiar sight to most readers. They appear to come from your bank or eBay and ask you to enter your credentials on a spoofed login page. A phishing attack uses trickery to spy on user credentials. Another method, known as cross-site scripting (XSS, as CSS stands for Cascading Style Sheets), places active code on a vulnerable page. The unsuspecting user’s web browser runs the code and sends the user’s login data to the attacker.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Phishing and Pharming

    The pharmers and phishers are after your precious financial infor-mation. We’ll show you how to protect your interests.

    more »
  • Safer Surfing

    Do you know enough to surf free of the liars and spies? We’ll show you how to stay ahead of the traps.

    more »
  • Security Lessons

    Sometimes, even ING, YouTube, The New York Times, and Google get it wrong.

    more »
  • WebAuthn

    FIDO2 authentication with WebAuthn may be sounding the end of the password age.

    more »
  • Intrusion 101

    You need to think like an attacker to keep your network safe. We asked security columnist Kurt Seifried for an inside look at the art of intrusion.

    more »
comments powered by Disqus