Sunday, May 30, 2010

Tabnabbing: A New Type of Phishing Attack

http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

How The Attack Works

1. A user navigates to your normal-looking site.
2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login lookalike. This can all be done with just a little bit of JavaScript that takes place instantly.
4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.
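
A defender-side check for steps 2 and 3, as an added example that is not part of the original post: it compares the title and favicon a tab showed when it lost focus with what it shows on refocus, and flags a change that happened without any navigation. The event shape, the function name `detectTabIdentitySwap` and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example. Event shape and function name are hypothetical; URLs are constructed.
// Each event is something a browser extension could record for one tab.
const sampleEvents = [
  { t: 0, type: "load", url: "https://blog.example/post",
    title: "Weekend recipes", favicon: "https://blog.example/favicon.ico" },
  { t: 5, type: "hidden" },                         // user switches to another tab
  { t: 300, type: "mutate", title: "Gmail: Email from Google",
    favicon: "https://blog.example/img/mail.ico" }, // in-place rewrite while unseen
  { t: 900, type: "visible" },                      // user comes back
];

// Returns one alert per refocus where the tab's title or favicon differs from
// what the user last saw, although the URL never changed (no real navigation).
function detectTabIdentitySwap(events) {
  const alerts = [];
  let current = null;   // identity the tab presents right now
  let snapshot = null;  // identity at the moment focus was lost
  for (const ev of events) {
    if (ev.type === "load") {
      current = { url: ev.url, title: ev.title, favicon: ev.favicon };
    } else if (ev.type === "mutate" && current) {
      current = { ...current,
        title: ev.title ?? current.title,
        favicon: ev.favicon ?? current.favicon };
    } else if (ev.type === "hidden" && current) {
      snapshot = { ...current };
    } else if (ev.type === "visible" && snapshot) {
      const changed = ["title", "favicon"].filter((k) => snapshot[k] !== current[k]);
      if (changed.length > 0 && snapshot.url === current.url) {
        alerts.push({ t: ev.t, url: current.url, changed,
          before: snapshot, after: { ...current } });
      }
      snapshot = null;
    }
  }
  return alerts;
}

console.log(JSON.stringify(detectTabIdentitySwap(sampleEvents), null, 2));
```

Title-only changes while hidden are common on legitimate pages (unread counters, for instance), so a title and favicon changing together is the stronger signal.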

Monday, May 24, 2010

Portable Apps to Go!

Do you sometimes need to run PuTTY, WinSCP, OpenOffice, a PDF reader or similar, and you do not want to go through the hassle of downloading and installing them on the system you happen to be using?

Do you own a USB flash or hard drive?

If you answered YES to the above then check out:

http://portableapps.com/

Sunday, May 09, 2010

Be Afraid... BGP Rules Internet Data Flow Paths

Worth the read to understand the issue that Jack Daniel mentioned at last week's BNUG meeting.

"How an unfixed Net glitch could strand you offline"

http://news.yahoo.com/s/ap/20100508/ap_on_hi_te/us_tec_fragile_internet