Stopping the cross-site authentication attack


Article from Issue 60/2005

A new form of phishing attack deposits an HTML tag on the vulnerable service to trap users into authenticating.

Phishing messages should be a familiar sight to most readers. They appear to come from your bank or eBay and ask you to enter your credentials on a spoofed login page. A phishing attack uses trickery to spy on user credentials. Another method, known as cross-site scripting (XSS, as CSS stands for Cascading Style Sheets), places active code on a vulnerable page. The unsuspecting user’s web browser runs the code and sends the user’s login data to the attacker.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Phishing and Pharming

    The pharmers and phishers are after your precious financial infor-mation. We’ll show you how to protect your interests.

  • Safer Surfing

    Do you know enough to surf free of the liars and spies? We’ll show you how to stay ahead of the traps.

  • Security Lessons

    Sometimes, even ING, YouTube, The New York Times, and Google get it wrong.

  • Intrusion 101

    You need to think like an attacker to keep your network safe. We asked security columnist Kurt Seifried for an inside look at the art of intrusion.

  • One-Time Passwords on the Web

    Add security to your website with a one-time password system.

comments powered by Disqus

Direct Download

Read full article as PDF:

XSA_Attack.pdf (150.84 kB)


njobs Europe
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia