 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On 2/4/07, Grant M. <gmongardi at napc.com> wrote: > No, Ebay justs lets you login, and happily redirects you to the fake > login page, but gives no real indication that it has done so. The effect > is that you believe that you haven't actually logged-in correctly and > you try again, but the second time you are using the spoofed page, where > your login details are recorded, and you are then returned to ebay, and > it appears that you have now successfully logged in (you have, but it > happened after the first login). It's a well thought-out spoof in my > opinion. That's pretty slick! Well, everyone should know by now not to ever click a link in an email, unless you have verified and trust the sender (GPG helps). This is just one more example. Even if you tried to verify the remote server, it would be legit (until the redirect). But your caution has already worn off by then...and you got pwned ;-) Rarely, when I see these emails (Gmail catches almost everything), I usually whip out a script to pound their servers with random login info to pollute their databases. If not to slow them down a little bit, at least maybe it annoys them and that makes me happy...heh -- Kristian Hermansen -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
