Reveal TinyURL Links

Thursday, January 15th, 2009

TinyURL is a very handy service for shortening long URLs but it can also be used maliciously.  Anytime somebody wants to hide where they are sending you they can easily generate a TinyURL and you will not know where you will end up.  It could be a phishing site.  It ...

Browser Bug Could Allow Phishing Without Email

Monday, January 12th, 2009

A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer. In-session phishing (pdf) gives the bad guys a solution to the biggest problem facing phishers these days: ...

Google adds HTTPS-only browsing to Chrome

Friday, January 9th, 2009

Google has quietly released a pre-beta version of Google Chrome 2.0 with a new HTTPS-only browsing mode. The new feature lets users add “force-https to your Google Chrome shortcut” to only load Web sites with valid security certificates.   “Sites with SSL certificate errors will not load,” the company explained. The newest Chrome ...

New Phishing Kits Hit the Market: Trojan HTML Injections Now for Sale

Tuesday, January 6th, 2009

The economic lifecycle of the underground fraud community functions very similarly to the world of legitimate business. Online fraudsters have supply chains, third-party outsourcers, vendors, and online forums where people with skills and people with opportunities to commit fraud can find each other. The underground fraud supply chain is becoming ...

Twitter Security Collapses

Monday, January 5th, 2009

Days after a wave of phishing attacks fooled thousands of Twitter users, it appears that another security hole has been found by...someone. Obama's account, unused since election day, sent out an affiliate link to a survey with a gas card prize, Fox News said that "Bill O'Reily is gay" (not ...