Stopping the cross-site authentication attack


Article from Issue 60/2005

A new form of phishing attack deposits an HTML tag on the vulnerable service to trap users into authenticating.

Phishing messages should be a familiar sight to most readers. They appear to come from your bank or eBay and ask you to enter your credentials on a spoofed login page. A phishing attack uses trickery to spy on user credentials. Another method, known as cross-site scripting (XSS, as CSS stands for Cascading Style Sheets), places active code on a vulnerable page. The unsuspecting user’s web browser runs the code and sends the user’s login data to the attacker.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Phishing and Pharming

    The pharmers and phishers are after your precious financial infor-mation. We’ll show you how to protect your interests.

  • Safer Surfing

    Do you know enough to surf free of the liars and spies? We’ll show you how to stay ahead of the traps.

  • Security Lessons

    Sometimes, even ING, YouTube, The New York Times, and Google get it wrong.

  • Intrusion 101

    You need to think like an attacker to keep your network safe. We asked security columnist Kurt Seifried for an inside look at the art of intrusion.

  • One-Time Passwords on the Web

    Add security to your website with a one-time password system.

comments powered by Disqus

Direct Download

Read full article as PDF:

XSA_Attack.pdf (150.84 kB)