Creepy (Full Version)

All Forums >> [Community] >> OutFront Discoveries



Message

jcm001 -> Creepy (2/5/2008 13:22:19)



http://news.netcraft.com/archives/2008/01/08/italian_banks_xss_opportunity_seized_by_fraudsters.html



Tailslide -> RE: Creepy (2/5/2008 14:25:01)

Bloody hell! That's certainly a step up from the normal scam!



rdouglass -> RE: Creepy (2/5/2008 15:00:04)

This is *very* disturbing to me:

quote:

...the URL employed by the attack injects a series of numbers directly into a JavaScript function call that already exists on the bank's LoginServlet page.


Is it time to get rid of JS as well? So for instance, I have a small very unobtrusive scrolling JS on a page. So now I have to worry 'bout some hacker sending a URL and essentially nullifying my SSL cert?

As I frequently say "It's a scary world out there."



mtfm -> RE: Creepy (2/6/2008 11:07:52)

Great. Just great.

It never fails, once something good comes along, people have to come along and ruin it.

Bank robbers don't even need a mask and a gun anymore to rob people blind.

Bunch of parasites.



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
3.515625E-02