
Phishing Combines Wildcard DNS and XSS

Tags: security, netcraft, hacker

By David Hamilton, February 18, 2009

(WEB HOST INDUSTRY REVIEW) -- Using a crafty combo of wildcard DNS records and cross-site scripting vulnerabilities, a new wave of phishing attacks on eBay is using others' websites to help steal credentials from victims using a fake login, according to UK research and security firm Netcraft (www.netcraft.com).

The fraudulent eBay login forms are still accessible through the affected wildcard domains and continue to pose a threat, according to Netcraft, which first spotted the attacks on February 10.

According to Netcraft, the perpetrators of the attack launched it on a number of sites using vulnerable versions of iRedirector Subdomain Edition, a PHP and MySQL-based system that allows website owners to use wildcard DNS records on their domains to redirect subdomains. A cross-site scripting vulnerability on these sites lets the attackers inject framesets into specific pages, which load content from malicious websites hosted in France presenting a fraudulent eBay login page. If submitted, the malicious page sends the user's eBay identity and password to a site hosted in South Korea.

Because the vulnerable sites can be accessed via wildcard DNS records, phishers can make their fake hostnames look very convincing, using URLs similar to those genuinely used for the eBay login page. Also, because a wildcard DNS record answers for any name under the domain, an arbitrary hostname can be used for each attack, allowing a single vulnerable site to be reused against many different targets.

If that wasn't enough, Netcraft also reports that fraudsters can find additional sites with the same vulnerabilities using a simple Google search. Site owners running vulnerable versions of iRedirector should upgrade.
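The two ingredients described above, a reflected cross-site scripting hole that lets a frameset be injected into a page and a wildcard DNS record that lets the attacker pick any hostname, both leave traces in an ordinary web server log: the injected markup arrives URL-encoded in the query string, and the Host header carries a brand-lookalike name nested under the wildcard domain. The following Python script is an added example, not code from the article, from Netcraft or from iRedirector; it scans a few constructed Apache-style log lines (vhost-prefixed combined format, reserved example domains, a placeholder `phish.invalid` host) for both signals. The base domain, the tag list and the "nested domain" heuristic are assumptions chosen for the example, not details from the article.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample log lines (Apache combined format with a leading vhost
# field). Hostnames use reserved example/invalid domains; nothing here is a
# real site from the article.
SAMPLE_LOG = """\
shop.example.net 203.0.113.5 - - [10/Feb/2009:14:02:11 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
signin.ebay.com.example.net 203.0.113.9 - - [10/Feb/2009:14:03:40 +0000] "GET /index.php?page=%3Cframeset%3E%3Cframe%20src%3D%22http%3A%2F%2Fphish.invalid%2Flogin%22%3E%3C%2Fframeset%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
news.example.net 198.51.100.7 - - [10/Feb/2009:14:05:02 +0000] "GET /index.php?page=%3Ciframe%20src%3Dhttp%3A%2F%2Fphish.invalid%3E HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)

# Markup that, when reflected into a page, lets an attacker load content from
# another origin (framesets in the attack described, plus close relatives).
MARKUP_RE = re.compile(r"<\s*(frameset|frame|iframe|script|object|embed)\b", re.I)

# Labels that suggest another registrable domain has been embedded inside the
# wildcard subdomain (e.g. "signin.brand.com.example.net"). Heuristic only.
NESTED_TLD_LABELS = {"com", "net", "org", "co"}


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def reflected_markup(target: str) -> list:
    """Return the sorted set of risky tag names found in the path or query."""
    parts = urlsplit(target)
    candidates = [fully_decode(parts.path)]
    for _, val in parse_qsl(parts.query, keep_blank_values=True):
        candidates.append(fully_decode(val))
    tags = set()
    for text in candidates:
        for match in MARKUP_RE.finditer(text):
            tags.add(match.group(1).lower())
    return sorted(tags)


def nested_domain_host(vhost: str, base_domain: str) -> bool:
    """True if the wildcard subdomain looks like it embeds another domain."""
    suffix = "." + base_domain
    if not vhost.endswith(suffix):
        return False
    sub = vhost[: -len(suffix)]
    return any(label in NESTED_TLD_LABELS for label in sub.split("."))


def scan_log(text: str, base_domain: str) -> list:
    """Return one finding per request that reflects frame/script markup."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        tags = reflected_markup(m.group("target"))
        if not tags:
            continue
        findings.append({
            "vhost": m.group("vhost"),
            "ip": m.group("ip"),
            "tags": tags,
            "nested_domain_host": nested_domain_host(m.group("vhost"), base_domain),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, "example.net"):
        print(f)
```

The `nested_domain_host` flag is deliberately separate from the markup check: on its own a lookalike hostname is only a weak signal, but a request that both reflects a frameset and arrives under a brand-shaped wildcard name is exactly the pattern the article describes and is worth an alert. On a real deployment the same two checks can be run against the web server's access log after upgrading the redirector software, to see whether the site was already being used before the fix.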
