File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes  Phishing attack Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark " Phishing attack" Watch " Phishing attack" New topic
Author

Phishing attack

muntago Richard
Ranch Hand

Joined: Nov 13, 2010
Posts: 82
How do i protect a site against phishing attack. I know phishing occurs when trying to send
data using form action eg. action="buy.jsp". The attacker can remotely phish attack the form action to his own stealing.
Judging from this scenario, how can i protect it against phishing attack assuming the site is hosted on either Linux or Windows Servers

thanks

Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30753
    
156

That's not a phishing attack. It sounds like you are describing man in the middle. Which you protect against using https and by using post so data isn't in the URL.

[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Jeanne Boyarsky wrote:It sounds like you are describing man in the middle (MITM). Which you protect against using https and by using post so data isn't in the URL.


Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
http://www.coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30753
    
156

I can't believe they are doing that!
Almalyn caguioa
Greenhorn

Joined: Feb 01, 2013
Posts: 8
Also me.. i can't believe they doing that..
Arun Giridhar
Ranch Hand

Joined: Mar 10, 2012
Posts: 147

Pat Farrell wrote:
Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
http://www.coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle


WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?


hate Professionalism . Join the http://2014.hack.lu/index.php/Main_Page
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42275
    
  64
Arun Giridhar wrote:WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?

Um, what? Nokia broke web security and privacy, and you think that's cool? You can bet they wouldn't have done so if it hadn't become public knowledge by some other means.


Ping & DNS - my free Android networking tools app
Arun Giridhar
Ranch Hand

Joined: Mar 10, 2012
Posts: 147

Ulf Dittmer wrote:
Um, what? Nokia broke web security and privacy, and you think that's cool?

Yes!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Phishing attack