Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Website Security Solutions

Showing posts tagged with Malware
Showing posts in English
Tim Callan | 15 Jul 2009 | 9 comments

We're seeing active discussion online about the possibility of hijacking a single frame in a production site to steal logins or PII. The scenario is that a criminal gang would redirect this frame (through DNS poisoning, let's say) and populate it with its own content from servers under its control. Presumably this content would involve form fields asking for information the criminals want to receive and which you would be willing to share in this context (such as your bank account login or social security number).

Now, the recent dialog is around the scenario where this proposed attack happens on a site with an Extended Validation SSL Certificate. The certificate identifies the controller of the top-level frame and does not report on the sources of any internal frames in that page. That is in keeping with near-ubiquitous practices in consumer...

Tim Callan | 07 Nov 2007 | 0 comments

Yesterday I discussed the possibility of Presidential campaigns being phished. This article in SC Magazine explains the criminal activity we already have seen in this arena.

The essence of the story is that anti-virus software vendor Webroot just in the past few days announced that is had detected malware attacks against major Presidential campaigns. Reports SC Magazine,

the campaign websites of Obama, a Democratic senator from Illinois, and Paul, a Republican representative from the 14th Congressional District of Texas, have been spoofed as part of online scams.

The article goes on to say...

Tim Callan | 06 Nov 2007 | 0 comments

In light of Ron Paul's massive fundraising day yesterday ($3.8 million raised online in a single day) one security blogger has brought up the question of phishing attacks against Web-based political fundraising. In his Threat Chaos blog Richard Stiennon asks the question,

But how many of those 35,000 donors checked the URL carefully before providing their credit card information as well as the name of their employer? Was it a phishing site they were visiting?

Richard is exactly right to be asking this question. As I have pointed out in the past, phishing attacks a great deal more than simply banks. Why are they not attacking online political parties? They probably are. And if they aren't, it's only a matter of time until they do.

Tim Callan | 12 Sep 2007 | 0 comments

Today StopBadware.org announced that VeriSign has become a new sponsor. StopBadware describes itself as "the consumer protection initiative developed to combat badware."