David Kirkpatrick

January 23, 2009

Be on the lookout …

Filed under: Technology — Tags: , , , , — David Kirkpatrick @ 12:31 am

… for this new phishing attack. Sounds like it might catch the unwary.

From the link:

A vulnerability in major browsers recently discovered by Trusteer could make this trick much more dangerous, by allowing for “in-session phishing” and a more tailored attack. Using this new vulnerability, a phisher could detect, via the hacked site, when a user was already logged in to a banking website. The hacked site could then launch a pop-up warning the user that her session has timed out and asking her to reenter her login details. This approach would be less likely to raise a red flag, says Klein, since the pop-up does not appear completely out of the blue.

The core vulnerability discovered by the Israeli researchers is a Web browser flaw that lets the phisher see what other websites a person is visiting. Klein explains that a certain JavaScript function, commonly used by online retailers, financial institutions, and other sites, leaves a footprint revealing that the user is logged in to that site. Klein says that protections such as pop-up blockers wouldn’t necessarily derail the attack because the hacked site could itself be altered to seem like a request to log in again.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: