Create an Account
username: password:
 
  MemeStreams Logo

Netcraft: Italian Bank's XSS Opportunity Seized by Fraudsters

search

possibly noteworthy
Picture of possibly noteworthy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

possibly noteworthy's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
  Humor
Current Events
  War on Terrorism
Recreation
Local Information
  Food
Science
Society
  International Relations
  Politics and Law
   Intellectual Property
  Military
Sports
Technology
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Netcraft: Italian Bank's XSS Opportunity Seized by Fraudsters
Topic: Technology 6:31 am EST, Jan 10, 2008

Pretty ... pretty ... pretty ... pretty good.

An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details. Fraudsters are currently sending phishing mails which use a specially-crafted URL to inject a modified login form onto the bank's login page.

The vulnerable page is served over SSL with a bona fide SSL certificate issued to Banca Fideuram S.p.A. in Italy. Nonetheless, the fraudsters have been able to inject an IFRAME onto the login page which loads a modified login form from a web server hosted in Taiwan.

Netcraft: Italian Bank's XSS Opportunity Seized by Fraudsters



 
 
Powered By Industrial Memetics
RSS2.0