Blog

Recent Blog Posts

Thanks for visiting! If you're new here, you may want to subscribe to our RSS feed or Subscribe to Email update. You will find all kinds of things about technology here!

Spoofing warning for Firefox users

January 7th, 2008 by Azizur Rahman

Users of Mozilla Firefox are vulnerable to phishing attacks because the pop-up dialogue box for password entry in the latest version of the web browser can be spoofed, a leading security researcher has warned.

Aviv Raff claims a vulnerability in the way that Firefox displays authentication dialogs allows cyber criminals to obtain username and password information by deceiving users into thinking they are giving their details to a reliable source.

In an advisory, he wrote: “Mozilla Firefox allows spoofing the information presented in the basic authentication dialog box. This can allow an attacker to conduct phishing attacks by tricking the user to believe that the authentication dialog box is from a trusted website.”

Mr Raff has posted a video on the popular video sharing website YouTube to show how criminals can exploit the vulnerability and he is urging Firefox users not to provide any usernames and passwords to any sites using the basic pop-up dialogue box method of authentication.

Last month Mr Raff highlighted a security loophole in Google’s Toolbar browser utility that allowed phishers to spoof a URL in a dialog box that popped up when users tried to download new toolbar buttons.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Tagged as: , , , , , , , , , , , , , , , , ,
Posted in Industry News |  No Comments »

Hi-tech crime booming

January 4th, 2008 by Azizur Rahman

Hacking has become an increasingly professional operation, as cyber crime becomes ever more lucrative, a leading security expert has said.

Joe Telafici, vice president of operations for McAfee’s Avert Labs, told the BBC that there had been a clear trend in the last year towards malware designed to make money.

Instead of the debilitating effect of a shutdown or the irritant-style spam which might slow down a PC, Mr Telafici says attacks have become more focussed on theft.

“2007 was a fairly interesting year,” he commented, adding that an “eco-system” surrounding the solicitation of money from unsuspecting users had sprung up.

As well as criminals using the tools to try to scam money from users, security threats are being commercialised and offered on the open market, with those without the expertise to perform hacks now able to operate applications which do it for them.

The advent of new web-based applications such as social networking sites like Facebook and MySpace, which include a welter of personal data and opportunities for illicit access, has further muddied the waters for security analysts.

The sites, which soared in popularity in 2007, are expected to be a target for hackers this year.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Tagged as: , , , , , , , , , , , , , , , , , , ,
Posted in Industry News |  No Comments »

Feedback Form