archives  If you want an RSS feed try this xml rss V0.91 feed

Wednesday, March 24, 2004

A new way to go phishing

Grey Magic LogoGreyMagic's latest security advisory GM#005-MC, details of a seemingly new method of remotely exploitable cross-site scripting using IE are revealed. The vulnerability exploits the +TIME multimedia extensions for IE could enable web mail applications such as HOTMAIL or Yahoo, and likely others, to be used to compromise the computers of users of those mail systems. Hotmail has patched their systems
With the recent emergence of increasingly sophisticated phishing attacks such as the one recently focused against the MBNA bank; one can see that this may lead to some further developments in this area making them more difficult to detect even by the more aware user.
Related Links
GreyMatter Secure Web Browsing Initiative
Britain sees surge in 'phishing'
Association for Payment Clearing Services (APACS)
MBNA latest in phishing expedition

posted by Robert Campbell 11:46 AM


Powered by Blogger Pro™