WebApp Sec
mailing list archives
RE: [in] Warning about accessing / attacking phishing and spoofing sites
From: "Curt Purdy" <purdy () tecman com>
Date: Sun, 19 Dec 2004 18:34:18 -0600
Amir Herzberg wrote:
> You both probably meant this as a joke, but just for safety,
> let me warn anybody against doing this, or entering phishing
> sites `just for fun`.
> Since we're doing research on secure user-interface
> extensions to browsers to prevent web spoofing and phishing,
> I've been looking at many phishing and spoofing web sites
> (see article at
> http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm
> or extension for Mozilla/FireFox at
> http://trustbar.mozdev.org). However, this should be done
> very carefully (read: from a specially protected, not
> sensitive machine), since many of these sites try (also) to
> use different browser vulnerabilities to break into machines.
<snip>
Which is why I always use a VMWare image to do this type of research. As a
SOP, I always throw away the image after doing my research and start up
another copy next time. This is about the only way I will run Windows
anyway and is definitely the only way I will run IE.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
-----------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke