This isn't just another presentation about phishing scams or cross-site scripting (XSS). We're all very familiar with each of those issues. Instead, we'll discuss the impact when the two are combined to form new and highly effective hybrid attacks. Phishers are beginning to utilize these techniques, creating new phishing attacks that are virtually impervious to conventional and more sophisticated security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer limited protection. Even eyeballing the authenticity of a URL is unlikely to help. By leveraging cross-site scripting, the next level of phishing scams are launched not from look-alike web pages, but instead from legitimate websites!
This presentation features live demonstrations of the execution of these attacks. You'll see cutting-edge exploits that can effectively turn your browser into spyware with the use of JavaScript. And, we'll give you the steps you need to take to protect your websites from these attacks. The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It's imperative that security industry familiarize themselves with these new threats to protect their websites and confidential information.
Gates 4B (opposite 490) Tuesday 11/15/05 1630 hrs