Global Security Watch > Adventures of an Eternal Optimist » Blog Archive » Commercial Phishing
[Adventures of an Eternal Optimist] This would be a pretty boring phish, except for the part where users re-use passwords and account names ALL THE TIME. The current trend is upsell — harvest a low-value throwaway password at an insecure site and then see what high value matches can be made with the same username and password.
Some related posts from Technorati and Google.
[I, Cringely] I, Cringely » Blog Archive » Authentication is Secondary ...: Gmail, by the way, already recognizes a lot of common attachment filetypes and offers to open them in a new browser window rather than downloading them to your PC first. Even if my ultimate goal is to download the file I often open it this way in the browser first, hoping that if it contains anything suspicious the Google servers will spot it first (actually I think they scan all attachments before you even see them in your inbox).
[Light Blue Touchpaper] Light Blue Touchpaper » Blog Archive » How online card security fails: I made a transaction that forced me to sign up for Verified for Visa yesterday - and the bank rejected it as coming from an insecure site. I can’t work out from what the customer service agent said whether they think the (fairly well known) retailer is dubious or whether it’s the same VFV iframe issue, but I’m going to carry on trying to boycott sites that insist on VFV
[Acunetix Web Application Security Blog] Acunetix Web Application Security Blog » Acunetix WVS Version 6.5 ...: Renamed Weak password module to Authentication module; now it also includes a good number of new authentication security checks
[Tech Support Forums - TechIMO.com] Share: Best 101 Free Computer Software For Your Daily Use - Tech ...: Opera - Opera introduces Speed Dial which vastly improves navigation to your favorite sites. In addition, there's Fraud protection, an anti-phishing detection keeps browsing safe and secure.
[Schneier on Security] Schneier on Security: Online Credit/Debit Card Security Failure: A bit of reading of the specifications for both OpenID and 3DS will tell you that in both cases you will be redirected to a provider, the authentication mechanism (strength, type, etc.) is between you and the provider, and the provider confirms the authentication back to the originating site. So the interface to 3DS verification and its strength is under the control of the issuer, not VISA or the 3DS spec.
[Acunetix Web Application Security Blog] Acunetix Web Application Security Blog » Meeting PCI DSS ...: If used appropriately it will help you in automating most of the crawling process. The year debuted with 'Operation Aurora': Google and over 30 other companies were hit by a spear phishing attack which resulted in theft of intellectual property from Google and probably other companies.
[Venditoris: Beware of Scams] ANNOUNCE: Apache SpamAssassin 3.3.0 available: - Bug 6206, Bug 2536: spamd: untaint directory as obtained from a password file or from vpopmail utilities, avoid implicit untainting; report error if user preferences file exists but cannot be accessed;
[myOneLogin: Internet Identity Services blog] myOneLogin: Internet Identity Services blog » Blog Archive » Are ...: But they are inherently more susceptible to phishing attacks than other types of sites. This is due to the layer of trust built into social networks. If you get a direct message that seems to be from a trusted friend, you are more likely to believe it and click on its link than if it is from a Nigerian prince. That’s just human nature.
[Wait till I come!] Wait till I come! » Blog Archive » Liberté, Accessibilité and ...: Failing to provide easy to use and stress-free interfaces and thus allowing for social engineering (“This is too hard for you, give me your password and I will fill this out for you”). Staying authenticated and logged in over a .