Security Basics mailing list archives
Re: Determining who gave passwords to bogus site
From: Paul Johnston <paul.johnston () pentest co uk>
Date: Mon, 23 Aug 2010 11:41:31 +0100
Hi,
XSS attack. The user clicked on a link in the email which called up a page that injected a script into the actual login page and redirected to a bogus login page before anything was actually entered into the real login page.
A network-based approach would imply a sniffer. But I guess this is after the event, so unless you have one permanently in place, that's no help. The two places I could see you could look are: 1) Proxy logs 2) Web server logs on the site that is XSS attacked It's just possible that on the phishing site, the page after details are submitted contains some kind of reference back to the original web server - perhaps an image, or a redirect. So you could check the web server logs for that. Paul -- Pentest - When a tick in the box is not enough Paul Johnston - IT Security Consultant / Tiger SST Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982) Office: +44 (0) 161 233 0100 Mobile: +44 (0) 7817 219 072 Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy Registered Number: 4217114 England & Wales Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Determining who gave passwords to bogus site Bert Knabe (Aug 20)
- Re: Determining who gave passwords to bogus site Paul Johnston (Aug 23)