Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits G

from [Paul Laudanski] Network Security [Permanent Link]
Subject: RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability
Date: Wed, 11 Jan 2006 18:51:56 -0500 (EST) 
On Wed, 11 Jan 2006, dpw wrote:


I am surely missing something here. This seems like a pretty involved phish,
but the initial hook doesn't seem to be baited very well. 

Why would anyone think a link that goes to Google would be a legitimate way
to go to PayPal? Why would this be different than leveraging any redirect
system? Why is this noteworthy?


You might not fall for this, but I've received my share of emails from 
folks who either have, or who were saved thanks to articles such as these.  
Its all about public awareness.  You think these scammers would be "in 
business" this long for no reason?

-- 
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com



-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability, dpw
Next by Date:  Re: PayPal Phishing Site Exploits Google XSS Vulnerability, Paul Laudanski
Previous by Thread:  RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability, dpw
Next by Thread:  Re: Referer/302 behavior [WEB SECURITY] Web Hacking... PayPal Phishing ... Google redirect, Peter Watkins
Indexes:  [Date] [Thread] [Top] [All Lists]