Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-03-31 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Phishing Technique / Vulnerability Data Base Resource

Published: 2004-03-31
Last Updated: 2004-04-01 03:20:16 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
New Phishing Technique
A new phishing attack technique was discovered today in a Citibank scam targeting Citibank customers.
In this technique "the Address bar on the browser is spoofed, using Javascript and frames, the real address bar is suppressed and despite the HTTPS callout in the Address bar, there is no SSL padlock present in the lower corner of the browser."
References: http://www.antiphishing.org/phishing_archive/Citibank_3-31-04.htm
Open Source Vulnerability Data Base
The Open Source Vulnerability Data Base Project made an announcement today about the public availability usage of the Open Source Vulnerability Data Base.
This base intends to be " an open project to collect and distribute vulnerability information freely to everyone" .
" The OSVDB collects vulnerability data on every type of computer software and
operating system. Like other open-source projects, the OSVDB depends on the
wide expertise of its contributors to provide dependable information on many
technologies and security problems. The project's open-source license makes
the results freely available to users worldwide."
The project can be found at http://www.osvdb.org
Pretty calm day today...

Tomorrow is April 1st. Be careful about what you read...
-------------------------------

Pedro Bueno (bueno_AT_ieee.org)
Keywords:
0 comment(s)
Diary Archives