This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes  Phishing attack Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark " Phishing attack" Watch " Phishing attack" New topic
Author

Phishing attack

muntago Richard
Ranch Hand

Joined: Nov 13, 2010
Posts: 82
How do i protect a site against phishing attack. I know phishing occurs when trying to send
data using form action eg. action="buy.jsp". The attacker can remotely phish attack the form action to his own stealing.
Judging from this scenario, how can i protect it against phishing attack assuming the site is hosted on either Linux or Windows Servers

thanks

Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30146
    
150

That's not a phishing attack. It sounds like you are describing man in the middle. Which you protect against using https and by using post so data isn't in the URL.

[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646
    
    5

Jeanne Boyarsky wrote:It sounds like you are describing man in the middle (MITM). Which you protect against using https and by using post so data isn't in the URL.


Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
http://www.coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30146
    
150

I can't believe they are doing that!
Almalyn caguioa
Greenhorn

Joined: Feb 01, 2013
Posts: 8
Also me.. i can't believe they doing that..
Arun Giridhar
Ranch Hand

Joined: Mar 10, 2012
Posts: 146

Pat Farrell wrote:
Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
http://www.coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle


WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?


hate Professionalism
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41182
    
  45
Arun Giridhar wrote:WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?

Um, what? Nokia broke web security and privacy, and you think that's cool? You can bet they wouldn't have done so if it hadn't become public knowledge by some other means.


Ping & DNS - my free Android networking tools app
Arun Giridhar
Ranch Hand

Joined: Mar 10, 2012
Posts: 146

Ulf Dittmer wrote:
Um, what? Nokia broke web security and privacy, and you think that's cool?

Yes!
 
Consider Paul's rocket mass heater.
 
subject: Phishing attack
 
Similar Threads
Gone Phishing...
login/password question
Servlet Security
Server Security
are this questions welcome here?