The idea is simple, if a site senses that you are using a targeted site like Chase.com then it secretly switches that tab to a fake login page. You think you are logging into a site that you already assure yourself is legit but you are actually giving your credentials away to criminals.

This scheme was unveiled by Aza Raskin at Mozilla. He is the creative leader of Firefox. Since this is only a Proof-Of-Concept as of this writing (May 2010), we surfers have a chance to change our ways before it becomes popular in the criminal world.

learning from a grave mistake- the Apache.org attack

On April 13th, Apache announced that some of their servers were successfully compromised last week. They wrote a very detailed article about every step of the attack and what they did to avoid it again. This is a recap of that article and some of the responses in the community.

The Sans diary is a great place to get a feel for what is out there. Some of the latest entries gave me an idea of some techniques used by cyber-fraudsters:

According to a report published in the "Network World", the biggest vectors for web hacking in 2009 were social networks, SQL injection, cross-site-scripting, authentication abuse, and cross-domain-request-forgery.

The concern about social networks is something I've written about before. I use twitter to announce my money making projects, linked-in to outline my professional achievements, and face-book to socialize with others. However; I do not tweet my intimate thoughts, put a detailed resume on linked-in, or reveal anything too personal on my FB wall.