Tuesday, December 07, 2004

Apropos of Pearl Harbor Day

A vulnerability known as "cross-site scripting" has been used to get some Internet banking users to divulge their account information.  Details here.  The significance of this is that the attack overlays fake web page elements onto a real banking site, so the page appears authentic.  In order for it to work, though, the user must follow a link sent in an e-mail that asks users to "verify their account information."  That, by now, should be a tip-off to anyone.

If money is involved, don't follow links in e-mail.  Close the e-mail, and navigate to the site as you normally would.  And use a better browser.