lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 11 Jan 2006 15:58:01 -0500 (EST)
From: Paul Laudanski <zx@...tlecops.com>
To: Stelian Ene <stelian.ene@...adtech.com>
Cc: bugtraq@...urityfocus.com, <webappsec@...urityfocus.com>
Subject: Re: PayPal Phishing Site Exploits Google XSS Vulnerability


On Wed, 11 Jan 2006, Stelian Ene wrote:

> Paul Laudanski wrote:
> > There is a new PayPal phishing site that is crafty and cunning in
> > attempting to hide its true address from the surfer. Unsuspecting users
> > might fall for this devious trickery. It is thru a Google XSS attack that
> 
> That XSS attack was solved some time ago. This is simply using the well
> known google.com/url?q=http://YOURURLHERE trick.
> I wouldn't call this a security vulnerability, and google is certainly
> not the only one affected. It's rather a social engineering scam: the
> users clicks on a google link and does not expect to end up someplace
> else...

Hi Stelian, thanks for the reply.  The article addresses the Google XSS 
vulnerability by way of Securiteam.  The article is not focusing on the 
Google XSS itself per se, but rather that new phishing scams are 
exploiting this to snare unsuspecting PayPal users.

Unfortunately, these attacks are going further than that by concealing the 
true address location in the browser.  The article and video reveal all of 
this in the hopes that no one will fall prey.  Not to mention there are at 
least two real world scams using all of these techniques and glitches.

Yes there are other sites vulnerable to this kind of XSS, but none of them 
carry the same brand name.

The newest domain I'm seeing involved in this trickery on top of the first 
one from last night is: 210.110.166.167

These phishing scams need to be shut down, whether they use XSS or not.

--
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com


-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ