
Spotlight \| Reviews \| Current Issue \| Newsletter \| Subscribe \| Contact \|

News

Features

Blogs

RSS Feeds

White Papers

Conference Videos

Departments

Resources

Current Issue

Special Editions

Spotlight

Reviews

LUGs

Event Calendar

Stopping the cross-site authentication attack

STRANGE PHISHING

Author(s): JOACHIM BREITNER

A new form of phishing attack deposits an HTML tag on the vulnerable service to trap users into authenticating.

Phishing messages should be a familiar sight to most readers. They appear to come from your bank or eBay and ask you to enter your credentials on a spoofed login page. A phishing attack uses trickery to spy on user credentials. Another method, known as cross-site scripting (XSS, as CSS stands for Cascading Style Sheets), places active code on a vulnerable page. The unsuspecting user’s web browser runs the code and sends the user’s login data to the attacker.

Read full article as PDF »

Comments

Digg

Related Articles
SAFER SURFING	Staying ahead of Internet snoopers and con men

Get your backstage pass to Linux!

If you're ready for a deeper look, Linux Magazine gives you a view behind the scenes.

Don't miss out on the tools, tutorials, and reviews you'll need to unlock the secrets of Linux.

more...

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2008 [Linux New Media USA, LLC]
Linux New Media web sites:
North America: [Linux Pro Magazine]
UK/Worldwide: [Linux Magazine]
Germany: [Linux-Magazin] [LinuxUser] [EasyLinux] [Linux-Community] [Linux-Nachrichten] [Linux Events]
Eastern Europe: [Linux Magazine Poland] [Linux Community Poland] [Darmowe Programy Poland] [Open Source DVD Poland] [Linux Magazin Romania]
International: [Linux Magazine Brazil] [Linux Magazine Spanish]
Corporate: [Linux New Media AG]