Is phishing a phlash in the pan? No, says the the Radicati Group, Inc., in its new report, “E-mail Anti-Phishing and Anti-Fraud Market Trends 2004-2008”, which “provides market size, market share, four-year forecasts, technology trends, key solutions, and competitive information for the emerging e-mail anti-phishing and anti-fraud software market”. Phishing, it appears, is big business… Read More »
Sometimes security holes can be subtle rather than complex. Sidney Low of Aliencamel points out the vulnerability discovered by Secunia, called the Multiple Browsers Frame Injection Vulnerability. It’s a fancy term for a simple enough trick, where the bad guy hijacks a frame in a legitimate webpage (a frame is one portion of a webpage… Read More »
Just how many websites have been compromised by last week’s attack of the Scob trojan? A report released today by Cyveillance, a U.S. based ‘provider of online risk monitoring and management solutions’, concludes that 641 sites were still infected with the JS.Scob.Trojan virus as of June 27, 2004. The company says it used its proprietary… Read More »
Scaring the bejesus out of a lot of security folk this weekend is a new kind of phishing attack that doesn’t require the victim to do anything but visit the usual websites he might visit anyway. It works like this: The bad guy uses a weakness in web servers running Internet Information Services 5.0 (IIS) and… Read More »
Further to my posting on top level domains being registered with clear criminal intent (the example I used was paypal.de.com, in ‘How to make a phish look real’) I just received this from Joe Alagna, Manager, North American Markets for CentralNic, the registrar for the TLD in question. Here’s his reply in full: I wanted… Read More »