
| Subject: | RE: [in] Warning about accessing / attacking phising and spoofing sites |
|---|---|
| Date: | Sun, 19 Dec 2004 18:34:18 -0600 |
Amir Herzberg wrote:
You both probably meant this as a joke, but just for safety, let me warn anybody against doing this, or entering phishing sites `just for fun`. Since we're doing research on secure user-interface extensions to browsers to prevent web spoofing and phishing, I've been looking at many phishing and spoofing web sites (see article at http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm or extension for Mozilla/FireFox at http://trustbar.mozdev.org). However, this should be done very carefully (read: from a specially protected, not sensitive machine), since many of these sites try (also) to use different browser vulnerabilities to break into machines.
<snip>

Which is why I always use a VMWare image to do this type of research. As a SOP, I always throw away the image after doing my research and start up another copy next time. This is about the only way I will run Windows anyway and is definitely the only way I will run IE.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions

-----------------------------

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke