Blog

Users of Mozilla Firefox are vulnerable to phishing attacks because the pop-up dialogue box for password entry in the latest version of the web browser can be spoofed, a leading security researcher has warned.

Aviv Raff claims a vulnerability in the way that Firefox displays authentication dialogs allows cyber criminals to obtain username and password information by deceiving users into thinking they are giving their details to a reliable source.

In an advisory, he wrote: “Mozilla Firefox allows spoofing the information presented in the basic authentication dialog box. This can allow an attacker to conduct phishing attacks by tricking the user to believe that the authentication dialog box is from a trusted website.”

Mr Raff has posted a video on the popular video sharing website YouTube to show how criminals can exploit the vulnerability and he is urging Firefox users not to provide any usernames and passwords to any sites using the basic pop-up dialogue box method of authentication.

Last month Mr Raff highlighted a security loophole in Google’s Toolbar browser utility that allowed phishers to spoof a URL in a dialog box that popped up when users tried to download new toolbar buttons.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Social networking sites are likely to become an increasingly attractive target for fraudsters, experts have warned.

The turn of the new year is expected to see the popularity of social networking sites such as MySpace and Facebook continue.

However, IT security analysts say the proliferation of personal details and the availability of information on people’s date of birth, interests and phone numbers could be a way in for unscrupulous hackers.

ScanSafe has forecast that 2008 will see Web 2.0 threats top the list of the biggest security worries.

“The explosion in popularity of Web 2.0 applications has made Web 2.0 sites an increasingly rich target for cyber criminals,” the firm declared in its evaluation of the coming year.

Mary Landesman, senior security researcher at the firm, told the BBC the nature of the medium meant it could be targeted.

“The technologies that play there and the third party add-ons make it an environment that is susceptible to compromise,” she explained.

Cybercrime is said to be an industry worth more than $100 billion a year.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Researchers have developed a new form of biometric identification that could phase out the use of passwords, pin numbers and credit card numbers.

Scientists at the University of Houston have developed facial recognition software that recreates faces in three dimensions, providing a completely unique identifier.

The URxD application could be used to help people obtain access to secure facilities and authorise credit card transactions, according to the researchers, led by Professor Ioannis Kakadiaris.

‘Pins and passwords are not only inconvenient to memorise, but also are impractical to safeguard,’ he commented, adding: ‘The solution is to be able to tie your private information to your person in a way that cannot be compromised.’

A recent report by research firm Global Industry Analysts suggested that the worldwide market for electronic access systems, including biometric applications, will grow to $6.1 billion (£3 billion) in the next three years.

If you enjoyed this post, make sure you subscribe to my RSS feed!