Phishing Exposed

Chapter 5: The Dark Side of the Web

Introduction

Before we get into this chapter s discussion, I owe a thank-you to Anton Rager, Anthony Moulton, and Amit Klein (whom I collectively call the A Team) for assisting me in researching and expanding my knowledge of HTTP, DOM, and filter-evasion techniques. At the same time, I owe a warning to readers: This is probably the most controversial chapter in this book.

Warning

The chapter that you are about to read contains very limited restraint in regard to vulnerability exploitation of live targets. These targets were at one time vulnerable to these attacks and are highlighted here to demonstrate a very real threat that we face unless businesses make an effort to address this problem. All vendors discussed in these examples were notified of the vulnerabilities before this book was published, and this information is provided for educational purposes only.

In the previous chapter, we successfully located multiple vulnerabilities that enabled us as the phisher to launch cross-user attacks against our potential victims. The small set of examples we looked at were all potential targets for phishers to feast on. Here, we jump right into the impact that these located vulnerabilities could have on business and the consumer. Before we begin, we need to look at yet another overview this time a brief understanding of DHTML and the Document Object Model.

What Is Dynamic HTML, Really?

Dynamic HTML, or DHTML, is literally a dynamic form of HTML, but what does that mean, exactly? To understand DHTML, we have to consider what...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Media and Presentation Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.