IE/Firefox/Safari phishing exploit found

Security by Dave Naffziger on October 14, 2004 at 10:56 pm

I’ve been following the anti-phishing market recently (there are few good solutions), and was forwarded an article on a new pop-up exploit that enables a malicious site to take advantage of any ‘friendly’ popups on a bank’s website.

Check out this demonstration of the exploit on Citibank’s website:

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

There will always be either technical (keyloggers, browser expoits, etc) or social engineered solutions to nab people’s login information. You can’t stop phishing by protecting users from themselves, you need to stop it at the bank’s website.

Related Posts

  • http://www.naffziger.net/blog/2006/05/15/users-are-the-weakest-link/ Users are the weakest link – Naffziger’s Net

    [...] is a favorite topic of mine (1, 2). Great article on the efficacy of the user toolbar to flag phishing sites: [...]

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. | Dave Naffziger’s Blog | Dave & Iva Naffziger