XSS (Cross-Site Scripting, not CSS) is a type of computer attack where malicious people insert bad code into seemingly innocent web pages.
Phishing is an attempt by a malicious person to make a forged web page that encourages a user to give up some personal information (login credentials, etc.) via deception.
A new attack has been discovered that will allow XSS and Phishing to occur together.
The problem users face is that this attack will use the legitimate site's credentials (its SSL certificate, otherwise known as "the lock picture in the bottom corner").
This problem has a simple solution, however. Bookmark sites that you have to log in to. Then only visit these sites via your bookmarks. If a site ever changes the login web page, update your bookmark. This way, if you ever get a suspect email, IM or carrier bird, you can visit the known good site and see if there are any comments that would verify the sketchy communication.
Friday, January 18, 2008