Online banking users are hopefully aware of the need to log in to their bank’s web-based system using secure means, such as via a web site protected using SSL encryption. Every legitimate bank offers such protection, normally preventing customers from logging in via insecure means. But not every bank appears to be conscious of the myriad of potential security risks associated with their site. Navy Federal Credit Union is plagued by a huge security vulnerability on their web site and is possibly the easiest bank on which to perform a phishing expedition.
Updated – August 12, 2009: Added correspondence from the RSA Anti Fraud Command Centre and SliceHost Support regarding a take-down notice and trademark infringement claim. This little article has apparently generated some interest and visibility by an NFCU “security” contractor.
Updated – August 15, 2009: The saga appears to have come to an end as the RSA AFCC responds to SliceHost after TechMiso stipulates the content was not infringing. The attack dogs are ostensibly caged for now.
Read the full story …
Highly popular micro-blogging site Twitter has had a series of widespread security incidents over the course of the last week, culminating when high-profile accounts owned by President-elect Barack Obama and Britney Spears were hacked. In addition to Obama and Spears, approximately 30 other accounts had inappropriate tweets generated by this latest round of attacks.
Following these highly publicized incidents, such as the recent Twply issue followed by the widespread phishing scam aimed at Twitter users, one has to wonder what, if anything, Ev and Co. are going to do to improve Twitter’s security.
But is mitigation ultimately Twitter’s responsibility? I say no.
Read the full story …
The world was shaken apart this New Year’s weekend when a substantial number of Twitter users received a Direct Message (DM) directing them to a phishing site hosted on Google’s Blogspot. The phishing scam was seemingly designed to steal the Twitter credentials (i.e., username and password) of unsuspecting visitors. A lot of chatter about the phishing scam continues on Twitter even though the fire has been mostly extinguished. Naturally, Mashable, Inquisitr and many others have picked up the story.
If you have received, or do receive, a DM directing you to a malicious web site using an access-logins.com domain, I encourage you to not enter your Twitter credentials at the site, should you opt to visit. If you use Firefox, the site has already been added to their phishing database and should be automagically blocked by default.
Read the full story …