Stopping the cross-site authentication attack
STRANGE PHISHING
Article from Issue 60/2005
A new form of phishing attack deposits an HTML tag on the vulnerable service to trap users into authenticating.
Phishing messages should be a familiar sight to most readers. They appear to come from your bank or eBay and ask you to enter your credentials on a spoofed login page. A phishing attack uses trickery to spy on user credentials. Another method, known as cross-site scripting (XSS, as CSS stands for Cascading Style Sheets), places active code on a vulnerable page. The unsuspecting user’s web browser runs the code and sends the user’s login data to the attacker.
Buy this article as PDF
Express-Checkout as PDF
Price $2.95
(incl. VAT)
(incl. VAT)