The other day I came across to this summary with direct examples of various XSS vulnerabilities at E-banking sites, and I wonder why the results still haven't gotten the necessary attention from the affected parties :
"First of all you should realize, that this is not the first time, that we are doing such a website. The last time we hit a vast number of sites, mostly german banks. We have shown, that those sites, that should be most secure are not! Many visitors saw the site and also the banks seemed quite upset, nevertheless they fixed the problems, that we pointed at. You can check out the archive at: [English version] and [German version]. This project has been done as a direct reaction to the poll done in austria not long ago and which was reported at [this article] from Heise. For the english readers of you, this article basically says, that 9 of 10 people using online banking in austria trust the security, that their banks offer."
The best phishing attack at least from a technical perspective is the one that's using a vulnerability in the targeted's brand site to further improve its truthfulness, and believe it or not, certain phishing attacks are actually loading images directly from the victim's sites instead of coming up with the phish creative on their own.
No comments:
Post a Comment