Phishing Para-Sites

Wikipedia defines a parasite as “an organism that spends a significant portion of its life in… a host organism… without immediately killing it.” Phishers host their web sites using a number of methods (free hosting, shared hosting with stolen credit card, hacked servers, etc) but a common and growing method occurs when phishers take advantage of insecure web applications that allow them to upload their phishing site to run as a part of another site. [Read More]

Microsoft Responds to IE7 Tabs Post

Bruce Morgan, dev manager for the IE tabbed browsing team, commented on my original post on IE7 tabs - thanks Bruce! His comment provides more depth into why MS chose the each-tab-gets-its-own-toolbars route. In short - appcompat weight heaviest in making the decision, and 3rd party toolbars will indeed require extra UI space. Just so no one misses it (buried at the bottom of the comments of the previous post), here's the comment: [Read More]

Phishing through Google

As a follow up to Phishing eBay through Doubleclick, here's an example of a Union Planters spoof linked through Google. http://www.google.com/url?q=%68%74%74%70%3a%2f%2f211.5.200.10/unionplanters/ The URL bounces through Google (who could probably tell us how many users have clicked it) and lands on the spoof site: http://211.5.200.10/unionplanters/ This isn't quite as dangerous as the eBay/Doubleclick redirects mentioned above, but Google's redirecting could make it easier for someone to phish Google adwords accounts in the future. [Read More]

IE7 Tabs to Gorge on Memory, Waste UI Space

Microsoft's Tony Schreiner is in charge of the IE7's tabbed browsing features. He posted today about the complications of adding tabs to IE. I still maintain that MS should have hired me to help in this process (quals: 7+ years of IE tabbed browser development) but they weren't interested. Anyway… Perhaps the trickiest decision MS was whether to break compatibility with 3rd-party IE toolbars. Currently, IE toolbars are "tied" one toolbar to one IE window. [Read More]

Warning Images on Spoof Sites

I stumbled on a new (to me) technique to defend against phishing attacks today. A little background. Spoof sites use the same images as the sites they are spoofing. Sometimes those images are stored on the same server as the spoof site, and sometimes they are hot-linked to the target site directly. When image are hot-linked they are pulled from the target site and displayed on the phishing site. Check out this spoof of Royal Bank of Canada we saw today. [Read More]

More Confused Phishers

Here's an excerpt from another multiple-personality phishing email. I wonder if this is from the same group that conflated WAMU, Charter, and Regions Bank. We recently reviewed your account, and suspect that your Charter One Bank Internet Banking accountmay have been accessed by an unauthorized third party. Protecting the security of your account and of the Washington Mutual network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. [Read More]