Blogs

Drupal security watch, 2008

This list keeps track of recent security measures in Drupal. The information is distilled from Security Announcements.

tab kidnapping - A new ID theft technique

The idea is simple: if a site senses that you are using a targeted site like Chase.com, it secretly switches that tab to a fake login page. You think you are logging into a site that you have already assured yourself is legit, but you are actually giving your credentials away to criminals.

This scheme was unveiled by Aza Raskin at Mozilla. He is the creative leader of Firefox. Since this is only a Proof-Of-Concept as of this writing (May 2010), we surfers have a chance to change our ways before it becomes popular in the criminal world.

Apache attacks

learning from a grave mistake - the Apache.org attack


On April 13th, Apache announced that some of their servers were successfully compromised last week. They wrote a very detailed article about every step of the attack and what they did to prevent it from happening again. This is a recap of that article and some of the responses in the community.

New fraud schemes (new to me)

The SANS diary is a great place to get a feel for what is out there. Some of the latest entries gave me an idea of some techniques used by cyber-fraudsters:

Energizer Bunny infection

Well, word just in that Energizer Bunny is a threat to a PC's health and security. This points out a couple of issues users need to address.

setting-up a wireless router

ITworld just had a good article about less-than-obvious threats which included some advice for a small wireless network that fits in your home or small office.

safety with Twitter and shortened URLs

How many times have you seen a link at a blog or web-site that refers to something along the lines of "read me" or "document here"? What about http://tinyurl.com/abc? None of these options are safe, and all require some special attention.

ignore virus-total(dot)in

I've advised people to check suspicious files at virustotal.com; now I'll say be careful.

VirusTotal.com is still what it used to be, but there is now a fake out there.

Here's a tweet from the project manager at VirusTotal.

http://twitter.com/jcanto/status/9685945726

popular web attack vectors of 2009

According to a report published in "Network World", the biggest vectors for web hacking in 2009 were social networks, SQL injection, cross-site scripting, authentication abuse, and cross-domain request forgery.

The concern about social networks is something I've written about before. I use Twitter to announce my money-making projects, LinkedIn to outline my professional achievements, and Facebook to socialize with others. However, I do not tweet my intimate thoughts, put a detailed resume on LinkedIn, or reveal anything too personal on my FB wall.

Aurora and DEP in Windows

In January there was a big attack against Google that apparently used a flaw in Internet Explorer which got the name "aurora".
