Credit Card Data Cloning Tactic

First of all, she's too cute for someone to even have the slightest suspicion, and to be honest the posers paying their coffee with a credit card deserve it -- it leaves them without the opportunity to leave a change at least that's what they've thought.

XSS Vulnerabilities in E-banking Sites

The other day I came across to this summary with direct examples of various XSS vulnerabilities at E-banking sites, and I wonder why the results still haven't gotten the necessary attention from the affected parties :

"First of all you should realize, that this is not the first time, that we are doing such a website. The last time we hit a vast number of sites, mostly german banks. We have shown, that those sites, that should be most secure are not! Many visitors saw the site and also the banks seemed quite upset, nevertheless they fixed the problems, that we pointed at. You can check out the archive at: [English version] and [German version]. This project has been done as a direct reaction to the poll done in austria not long ago and which was reported at [this article] from Heise. For the english readers of you, this article basically says, that 9 of 10 people using online banking in austria trust the security, that their banks offer."

The best phishing attack at least from a technical perspective is the one that's using a vulnerability in the targeted's brand site to further improve its truthfulness, and believe it or not, certain phishing attacks are actually loading images directly from the victim's sites instead of coming up with the phish creative on their own.

Fake Terror SMS Sent to 10,000 People

This is serious, and while it was a hoax, it could have had much more devastating results acting as a propagation vector for malware, a phishing attack as the social engineering potential here for anything offline or online is huge :

"About 10,000 commuters who subscribe to the train operator's timetable messaging service received the threatening text message on Friday night after hackers broke into the system. The message, sent after 9.30pm (AEDT), reads: ALLAHU AKBR FROM CONNEX! our inspectorS Love Killing people - if you see one coming, run. Want to bomb a train? they will gladly help. See you in hell!"

ALLAHU AKBR means "God is the Greatest". Now which God is the greatest I'll leave up to your religious beliefs, though the Muslim motives are spooky and the attack directly undermines the citizens' confidence in their government's ability to protect them -- what I anticipate next are articles on how terrorists take control over the trains. I'm very interested in who's having acccess to the company's feature, and most importantly to what extend are they outsourcing, or was it an insider that used someone else's terminal to send the message? Here's a related post on the interest of various governments into developing an SMS disaster alert and warning systems and the related security/impersonation problems to consider.