Phishing Para-Sites

Wikipedia defines a parasite as “an organism that spends a significant portion of its life in… a host organism… without immediately killing it.” Phishers host their web sites using a number of methods (free hosting, shared hosting with stolen credit card, hacked servers, etc) but a common and growing method occurs when phishers take advantage of insecure web applications that allow them to upload their phishing site to run as a part of another site. [Read More]

Microsoft Responds to IE7 Tabs Post

Bruce Morgan, dev manager for the IE tabbed browsing team, commented on my original post on IE7 tabs - thanks Bruce! His comment provides more depth into why MS chose the each-tab-gets-its-own-toolbars route. In short - appcompat weight heaviest in making the decision, and 3rd party toolbars will indeed require extra UI space. Just so no one misses it (buried at the bottom of the comments of the previous post), here's the comment: [Read More]

Phishing through Google

As a follow up to Phishing eBay through Doubleclick, here's an example of a Union Planters spoof linked through Google. http://www.google.com/url?q=%68%74%74%70%3a%2f%2f211.5.200.10/unionplanters/ The URL bounces through Google (who could probably tell us how many users have clicked it) and lands on the spoof site: http://211.5.200.10/unionplanters/ This isn't quite as dangerous as the eBay/Doubleclick redirects mentioned above, but Google's redirecting could make it easier for someone to phish Google adwords accounts in the future. [Read More]

IE7 Tabs to Gorge on Memory, Waste UI Space

Microsoft's Tony Schreiner is in charge of the IE7's tabbed browsing features. He posted today about the complications of adding tabs to IE. I still maintain that MS should have hired me to help in this process (quals: 7+ years of IE tabbed browser development) but they weren't interested. Anyway… Perhaps the trickiest decision MS was whether to break compatibility with 3rd-party IE toolbars. Currently, IE toolbars are "tied" one toolbar to one IE window. [Read More]