Get your CodeRanch badge!*
The moose likes Security and the fly likes  Phishing attack Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark " Phishing attack" Watch " Phishing attack" New topic
Author

Phishing attack

muntago Richard
Ranch Hand

Joined: Nov 13, 2010
Posts: 82
How do i protect a site against phishing attack. I know phishing occurs when trying to send
data using form action eg. action="buy.jsp". The attacker can remotely phish attack the form action to his own stealing.
Judging from this scenario, how can i protect it against phishing attack assuming the site is hosted on either Linux or Windows Servers

thanks

Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29233
    
138

That's not a phishing attack. It sounds like you are describing man in the middle. Which you protect against using https and by using post so data isn't in the URL.

[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4636
    
    5

Jeanne Boyarsky wrote:It sounds like you are describing man in the middle (MITM). Which you protect against using https and by using post so data isn't in the URL.


Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
http://www.coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29233
    
138

I can't believe they are doing that!
Almalyn caguioa
Greenhorn

Joined: Feb 01, 2013
Posts: 8
Also me.. i can't believe they doing that..
Arun Giridhar
Ranch Hand

Joined: Mar 10, 2012
Posts: 140

Pat Farrell wrote:
Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
http://www.coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle


WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?


Join IRC freenode ##javaee channel.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
Arun Giridhar wrote:WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?

Um, what? Nokia broke web security and privacy, and you think that's cool? You can bet they wouldn't have done so if it hadn't become public knowledge by some other means.


Ping & DNS - updated with new look and Ping home screen widget
Arun Giridhar
Ranch Hand

Joined: Mar 10, 2012
Posts: 140

Ulf Dittmer wrote:
Um, what? Nokia broke web security and privacy, and you think that's cool?

Yes!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Phishing attack
 
Similar Threads
Servlet Security
are this questions welcome here?
Gone Phishing...
Server Security
login/password question