-=PCTechTalk=- Re: This Spoof Ain't Funny
- From: Glen <glbbrown@xxxxxxxxx>
- To: pctechtalk@xxxxxxxxxxxxx
- Date: Mon, 12 Jul 2004 22:04:57 -0700 (PDT)
Incase that was difficult to read for others as it was
for me. Also the web address has changed slightly.
http://tinyurl.com/4oj89
Glen
--- Bashful Bob <Bashfulbob@xxxxxxx> wrote:
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> >From a link in Consumer world
> ******************************************
>
http://www.internetweek.com/allStories/showArticle.jhtml?articleID=3D2210=
> 4462
>
>
> This Spoof Ain't Funny=20
>
> By Keith Ferrell, TechWeb=20
>
> A new security flaw allows crooks to place false, or
> "spoofed," =
> information into Web pages displayed by virtually
> any browser, not just =
> Microsoft's Internet Explorer.=20
>
>
> This represents a large--and frightening--step
> beyond the ability to =
> place a counterfeit url in the browser's address
> bar. That scheme =
> involved loading a completely false page while the
> navigation bar =
> displayed a legitimate url.=20
>
>
> The new technique is more insidious, in that it can
> seamlessly insert =
> false information into the browser display of
> legitimate pages.=20
>
>
> The announcement that the new exploitation approach
> crossed browser =
> lines came just as the Department of Homeland
> Security, among others, =
> recommended that users shift to non-Microsoft
> browsers, such as Mozilla =
> or Opera.=20
>
>
> The timing of the recommendation turned out to be
> ironic, of course, but =
> irony is cold comfort in an environment in which
> we're almost daily =
> being forced to distrust the content that appears in
> our browsers and =
> mail programs.=20
>
>
> So far this year we've seen a stunning increase in
> the number of =
> spoof-based e-mail phishing scams that guide users
> to false, but =
> official-looking, sites. Phishing, awful as it is,
> at least requires =
> that the victim do something, however foolish, such
> as responding with =
> credit-card information to an e-mail.=20
>
>
> That's precisely the sort of bait-and-switch con
> than can at least be =
> approached through education and behavioral change.
> Anti-phishing tips =
> basically come down to common-sense advice about
> verifying financial =
> communications before responding to them.=20
>
>
> The latest spoofing scam takes bait-and-switch to a
> new level, hiding =
> the switched information in plain sight--right there
> on the page in =
> front of us.=20
>
>
> This new area of uncertainty will doubtless compound
> existing worries =
> over data breaches and incidents like last week's
> coordinated attack on =
> financial sites.=20
>
>
> The result is an environment that may cause serious,
> and perhaps =
> crippling, damage to already substantial concerns
> about the =
> trustworthiness of online transactions.=20
>
>
> Is there a point at which all of the levels of
> patches, verifications, =
> firewalls, ant-virus definitions, and the rest will
> become simply too =
> much for many people to bother with? If so, the
> browser-spoofing =
> vulnerability is likely to move many people one step
> closer to giving =
> up. Let's hope not.=20
>
>
> Test Your Browser's Spoofing Vulnerability
>
>
> a.. Secunia Browser Vulnerability Test=20
>
> Search The TechWeb Network=20
>
> a.. Phish=20
> a.. Spoof=20
>
> Get TechEncyclopedia Definitions=20
>
> a.. Spoofing=20
>
> Get White Papers=20
>
> a.. A Service-based Approach to the Email Fraud
> Problem=20
> a.. Security at the Next Level: Are Your Web
> Applications Vulnerable?=20
> Life is what happens in between plans.
>
> Virus free email by Norton's
> This message is intended for the sole use of the
> individual and/or =
> entity to which it is addressed, and may contain
> information that is =
> privileged, confidential, and exempt from disclosure
> under applicable =
> law. If you are not the addressee, or authorized to
> receive this on =
> behalf of the addressee, you are hereby notified
> that you may not use, =
> copy, disclose, or distribute to anyone this message
> or any part =
> thereof. If you have received this in error, please
> immediately advise =
> the sender by e-mail and delete this information.
> Thank you
>
>
>
> To unsub or change your email settings:
> //www.freelists.org/webpage/pctechtalk
>
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> //www.freelists.org/archives/pctechtalk/
>
> For more info:
>
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
>
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
Other related posts:
