Palisade Magazine


Issue #33 June 2008

URL Redirection Flaw

by Sourabh Saxena

Harry gets an email from his bank stating that he has received some promotion offers so he should click on the link below to avail those offers. Harry ensures that the site is authentic by checking the name of his bank in the URL as he is aware of phishing attacks. He finds it to be a genuine URL of the bank, so he clicks the link. On clicking the link the login page of his bank is displayed to him. He enters his username and password on the login page. He gets an error page saying “The server is unable to process your request”. …

Mobile Banking - Threats and Mitigation

by Suraj Sankaran

In my previous article, I had explained the two common mobile banking architectures and exchange of information using one of the architectures. In this article, I’ll be explaining the threats observed and an ideal process to overcome these threats. The explanation would be based on the information exchange for the architecture discussed in my previous article. Each phase has the threats mentioned and a secure process to ensure these threats are mitigated. …

CSRF - The hidden menace

by Sapna Satish

Cross Site Request Forgery (also known as XSRF, CSRF, Sea Surf, Session Riding, and Cross Site Reference Forgery) is an attack that tricks the victim into taking some action on the vulnerable application without the victim’s knowledge. This can happen when the victim visits a webpage that contains a malicious request, which then performs the chosen action on behalf of the victim. …

Quiz: Cross Site Printing

What is Cross Site Printing?

  1. A typo for Cross Site Scripting
  2. A new Printing technology from Microsoft
  3. A new attack that prints to your internal printers when you visit a website
  4. None of these
