WebApp Sec mailing list archives
RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability
From: Paul Laudanski <zx () castlecops com>
Date: Wed, 11 Jan 2006 18:51:56 -0500 (EST)
On Wed, 11 Jan 2006, dpw wrote:
> I am surely missing something here. This seems like a pretty involved phish, but the initial hook doesn't seem to be baited very well. Why would anyone think a link that goes to Google would be a legitimate way to go to PayPal? Why would this be different than leveraging any redirect system? Why is this noteworthy?
You might not fall for this, but I've received my share of emails from folks who either have, or who were saved thanks to articles such as these. It's all about public awareness. You think these scammers would be "in business" this long for no reason?

--
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com