• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

Phishing attack

 
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How do i protect a site against phishing attack. I know phishing occurs when trying to send
data using form action eg. action="buy.jsp". The attacker can remotely phish attack the form action to his own stealing.
Judging from this scenario, how can i protect it against phishing attack assuming the site is hosted on either Linux or Windows Servers

thanks

 
author & internet detective
Posts: 41184
848
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's not a phishing attack. It sounds like you are describing man in the middle. Which you protect against using https and by using post so data isn't in the URL.
 
Rancher
Posts: 4686
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeanne Boyarsky wrote:It sounds like you are describing man in the middle (MITM). Which you protect against using https and by using post so data isn't in the URL.



Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
https://coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle
 
Jeanne Boyarsky
author & internet detective
Posts: 41184
848
Eclipse IDE VI Editor Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I can't believe they are doing that!
 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Also me.. i can't believe they doing that..
 
Ranch Hand
Posts: 188
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Pat Farrell wrote:
Sadly, on some smartphones, the phone vendors are explicitly doing a MITM attack, they claim it improves things. It clearly destroys any hope of security. See
https://coderanch.com/t/602568/Security/Nokia-admits-implementing-Man-Middle



WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?
 
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Arun Giridhar wrote:WoW! .. Coooooool ... I Like IT . But why Nokia People need to disclose this evidence ?


Um, what? Nokia broke web security and privacy, and you think that's cool? You can bet they wouldn't have done so if it hadn't become public knowledge by some other means.
 
Arun Giridhar
Ranch Hand
Posts: 188
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:
Um, what? Nokia broke web security and privacy, and you think that's cool?


Yes!
reply
    Bookmark Topic Watch Topic
  • New Topic