Google and eBay thwart phishing redirection ruse

High-profile websites have cleaned up their act after a small team of security researchers documented how they were unwittingly helping phishing fraudsters. Phishing scams often use "open redirector" exploits on major sites to make their attack URL look more legitimate. The trick also makes it more likely that fraudulent …

COMMENTS

This topic is closed for new posts.
  1. Iain Black
    security 101

    Was about to write.. this really is security 101... and then noticed that a page I wrote around 6 years ago has the same vulnerability. Oops :-[ ]

    But in my defence: 1- I now know better 2- I was only learning dynamic web pages at the time and 3- I was not a multi billion dollar company!!

    Must go over 7 year old Perl code now...

  2. Anonymous Coward
    Google redirection you say?

    http://www.google.com/search?q=%22paris+hilton%22&as_sitesearch=theregister.co.uk&btnI

    If you're inventive with the q and as_sitesearch parameters you can have hours of fun. People see a Google query and don't think to check for the site.

  3. Edward Pearson

    30 Second Effective Fix.

    99% of these redirect scripts can be secured through the use of a referrer check.

  4. Anonymous Coward
    Have they really cleaned up their act?

    Um well about 75% of the spam I get has links referred to by AOL, MSN, Yahoo and, yes, still Google. news.google.tw seems to be the favourite. So I don't think Google has cleaned up its act at all; I think it is effectively supporting spammers (maybe not phishers though, but effectively they are all the same now). Appalling behaviour I'd say.
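
Added example, not part of the article or of any comment above: a sketch of the referrer check mentioned in comment 3 as a redirect script might apply it, extended with a check on the destination host, which goes beyond what the thread describes. The host names, the `fallback` URL and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; not taken from the thread.
SITE_HOSTS = {"www.example.com"}                           # pages allowed to link to the redirector
ALLOWED_TARGETS = {"www.example.com", "shop.example.com"}  # hosts it may redirect to


def _host(url):
    """Return the lowercase hostname of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")


def referrer_ok(referer_header):
    """Referrer check: the request must come from a page on our own site.

    A link clicked in an e-mail arrives with no Referer (or a webmail
    one), so it fails here. So do legitimate users whose browser or
    proxy strips the header; the caller decides how to treat them.
    """
    return bool(referer_header) and _host(referer_header) in SITE_HOSTS


def target_ok(target):
    """Destination check (added here): exact host match on the parsed URL.

    Parsing first defeats look-alikes such as
    http://www.example.com.evil.test/ and http://www.example.com@evil.test/.
    """
    if "\\" in target or any(ord(c) <= 0x20 for c in target):
        return False  # backslashes, whitespace, control characters
    return _host(target) in ALLOWED_TARGETS


def decide(referer_header, target, fallback="https://www.example.com/"):
    """Return the URL the redirect script should send the browser to."""
    if referrer_ok(referer_header) and target_ok(target):
        return target
    return fallback
```

Comparing the parsed hostname for equality, rather than searching the raw string for the site name, is what makes both checks resistant to look-alike URLs.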
