What would the perfect phishing attack from a social engineering perspective? The one that compared to using typosquatted domains impersonating the bank’s web application directory structure is in fact using the bank’s legitimate domain names as redirectors due to XSS flaws within. It’s even more interesting to measure the average time it takes for a bank to fix the XSS flaws within its sites upon getting notified of them, which in some cases is longer than the average time it takes to shut down a phishing site. [Read More…]
Source: ZDnet
Filed under: Exploits, General Security, Hacking, Vulnerabilities
