What would the perfect phishing attack be from a social engineering perspective?
Written by crashoveride
Wednesday, 02 July 2008
HSBC sites vulnerable to XSS flaws, could aid phishing attacks
The one that, instead of using typosquatted domains impersonating the
bank’s web application directory structure, uses the bank’s legitimate
domain names as redirectors, thanks to the XSS flaws within them. It’s
even more interesting to measure the average time it
takes for a bank to fix the XSS flaws within its sites upon getting
notified of them, which in some cases is longer than the average time
it takes to shut down a phishing site.
In yet another compilation of XSS-vulnerable sites courtesy of Dimitris
Pagkalos at XSSed.com, the largest online archive of XSS-vulnerable
websites, domains owned by HSBC Holdings plc are vulnerable to XSS flaws
that could easily aid a phishing attack.
Last Updated ( Wednesday, 23 July 2008 )