| Top
Security News |
Disney Victimized By Account Data Thief
Credit card numbers and other personal information made their way to undercover investigators from an order processing subcontractor for the Disney Movie Club.
Disney and the company in question, Alta Resources in Wisconsin, probably wanted to keep news of data theft...
Firefox To Fix Handler Vulnerability
A problem with the 'firefoxurl' URI handler had been partially blamed on Internet Explorer's failure to properly validate input sent to the handler.
Firefox Process Enables IE Flaw
Both the Internet Explorer and Firefox browsers are to blame for an input validation problem similar to one seen in Apple's Safari browser. A Danish man with an interest in hacking has found some odd behavior...
Fraud Spam Continues To Rise
Levels of scam and fraud spam persist in harassing email users, as Symantec's monthly spam landscape report showed an increase in those junk...
Card Scammers Act Like Robin Hood
It may be hard to believe, but some Internet-based credit card thieves have been making charitable contributions of small amounts to verify if a card is valid or not. Unlike a physical credit card theft that...
Harry Potter And The Annoying Worm
Along with the fifth movie and the seventh book about JK Rowling's young wizard, a worm is coming to unwary PC users. In the old days of computing, some...
WordPress Vulnerable To Custom Field Uploads
Those who have not upgraded WordPress to 2.2.1, or WordPress MU to 1.2.3, should do so to help mitigate a newly disclosed vulnerability. The possibility of being exploited still exists after upgrading. Alexander...
|
|
|
|
An online quiz hosted at McAfee's SiteAdvisor website challenges people to pick out authentic sites and messages from pairs of real and fake ones.
The first two questions on the phishing quiz present an easy challenge to someone familiar with URLs. After those questions, McAfee takes away the address bar.
That makes it a little more complicated to figure out real pages from fakes through the rest of the ten-question quiz. I found one question particularly troublesome, and really wanted to pick what turned out to be the fake as the real page.
It's an eye-opening experience, and should make security pros realize just how difficult it can be for Internet users to detect a phishing site just on appearance.
Worse, the examples McAfee selected don't even represent how realistic a criminal can make a phishing site. A man in the middle attack redirecting someone to a perfect copy of a real site may succeed in capturing personal information, unless the address bar gives away the scam.
If the PC has been infected and its hosts file compromised, even the URL in the address bar will match the real site, while resolving to the phishing host.
McAfee said the losses people incur from phishing have increased. They cited figures from Gartner, which said per-victim losses in 2006 averaged $1,244. In 2004, that figure was $257.
Proof of Concept writers busy ahead of Black Hat: Security firm Symantec has received the dubious honor of a quartet of proof of concept viruses in a very short time span.
The four samples all dropped into Symantec's inbox over a two-week period. One targets the Maya 3D scripting language, while another focuses on WinHex's scripting.
Symantec researcher Peter Ferrie described the other two viruses as ones that infect a file, and upon execution go out and look for other files to infect. Left to run on a machine, these proof of concept viruses keep on going from file to file.
Ferrie said none of these present a threat to typical computer users. As proof of concept attempts, they were just something for the virus writers to do and brag about to a security company.
About
the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
|
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
