The Facebook login page generates an overly explicit error when an incorrect email is inputted, possibly allowing attackers to match stolen information to accounts. The Register reports that Facebook's login page is still leaking sensitive information, even though the website has just reversed a login feature th... |
19 August 2010
16:35 GMT |
 |
|
Mozilla's Creative Lead for Firefox, Aza Raskin, has devised a new phishing method that capitalizes on users' lack of attention to the order and content of their browser's tabs. Called "tabnabbing," the attack uses JavaScript to alter the content of a page opened in a browser tab, when the user moves a... |
25 May 2010
10:52 GMT |
|
|
In an ironic twist of faith, PayPal security staff mistakenly concluded that a legit email message sent by the company was a phishing attack. The message was forwarded back to them by a security professional who wanted to raise awareness about insecure practices.Randy Abrams, director of technical education at ESET, ... |
4 December 2009
10:18 GMT |
|
|
Google has silently implemented cross-site request forgery protection for Gmail authentication. The new feature comes in the form of a unique token stored in a browser cookie and checked when the login request is submitted.Cross-site request forgery (CSRF) attacks involve tricking a browser to perform a request that ... |
5 October 2009
09:46 GMT |
|
|
A phishing campaign has hit the Twitter micro-blogging service over the weekend, forcing its staff to issue an alert. The campaign has since morphed, and there are now at least two different variations in circulation. Phishers are using previously compromised Twitter accounts and the Direct Message feature to spam th... |
5 January 2009
05:35 GMT |
|
|
Find us on Google+
