Tuesday, May 25, 2010

Tabnabbing: A new type of phishing

Check out this page at azarask.in, which demonstrates a new method of phishing. A page you are looking at can automatically switch to one that resembles a page of a trusted website such as Gmail, Facebook, PayPal, or online banking. Part of the attack involves changing the favicon of the page and monitoring for page inactivity.

A New Type of Phishing Attack from Aza Raskin on Vimeo.
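The favicon swap during inactivity described above is also what a defender can watch for. The sketch below is an added example, not code from azarask.in or from this blog: it records a tab's title, favicon and URL when the tab goes into the background and reports what changed by the time it is looked at again. The helper names `snapshotTab` and `diffSnapshots` are hypothetical, and the wiring assumes it runs inside the page, for instance as an extension content script.

```javascript
// Added example: defender-side check for tabnabbing-style changes.
// snapshotTab() and diffSnapshots() are hypothetical helper names.

// Capture the parts of a tab's identity that a user relies on to recognise it.
function snapshotTab(doc, loc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '', // empty string when the page declares no icon
    url: loc.href,
  };
}

// Compare the snapshot taken when the tab lost visibility with the one taken
// when it became visible again. Returns the names of the fields that differ.
function diffSnapshots(before, after) {
  const changed = [];
  for (const key of ['title', 'favicon', 'url']) {
    if (before[key] !== after[key]) changed.push(key);
  }
  return changed;
}

// Browser wiring: only runs where a DOM exists, so the functions above can
// also be exercised outside a browser.
if (typeof document !== 'undefined') {
  let hiddenSnapshot = null;
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) {
      // Tab just went into the background: remember what it looked like.
      hiddenSnapshot = snapshotTab(document, location);
    } else if (hiddenSnapshot) {
      // Tab is visible again: report anything that changed while unattended.
      const changed = diffSnapshots(hiddenSnapshot, snapshotTab(document, location));
      if (changed.length > 0) {
        console.warn('Tab changed while in background:', changed.join(', '));
      }
      hiddenSnapshot = null;
    }
  });
}
```

Legitimate pages also update their title in the background (unread counts, for example), so a title change alone is weak evidence; a favicon change together with a title change is the combination the post describes.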

Tuesday, May 18, 2010

Widespread attacks continue against WordPress sites

Owners of self-hosted WordPress-based websites should make sure that their FTP and WordPress passwords are secure. Also review your WordPress installation to make sure that it is up to date. The current version is 2.9.2. Sites hosted on WordPress.com are not affected.

Intruders in recent weeks have hacked a large number of websites created through the WordPress blogging platform to spread malware, with another major campaign launched on Thursday, security researchers said.

In addition to WordPress blogs, websites created with other PHP-based platforms, including the Zen Cart eCommerce solution, were affected by the attacks, Regina Smola, co-founder of WPSecurityLock, a provider of WordPress security services, told SCMagazineUS.com on Tuesday.

Attackers injected malicious JavaScript into the sites, causing visitors to be redirected to scareware domains that attempted to trick users into installing a virus, she said.