Carrier security feature opens door to phishing
Smartphone users on at least 48 cellular carriers may be vulnerable to traffic hijacking and phishing attacks, according to researchers from the University of Michigan. A paper to be presented this week at the IEEE Symposium on Security and Privacy alleges that researchers were able to exploit a carrier security feature to hijack connections to Facebook, Twitter, Windows Live Messenger, and the AdMob advertising network, and to spoof traffic for banks and financial institutions.
Latest variation making the rounds
Though most Mac users already know never to send their login information for any site in response to an e-mail (often posing as the user's bank, brokerage firm, Apple or other name-brand internet companies), variations on the phishing e-mail continue to pop up, particularly just before and after Christmas. The Mac Observer's Bryan Chaffin reports getting a new one specifically aimed at MobileMe users.
Flash blocking improved with new features
The Camino Project has released an update to its self-titled browser for Mac OS X. Version 2.0 adds a tab overview feature that allows users to quickly browse all open tabs in a layout preview. Tabbed browsing has also been improved with drag-and-drop rearranging, a scrollable bar, and a dedicated menu listing all of the open tabs.
New MobileMe scam
MobileMe subscribers are again being targeted in an updated phishing scam, investigation reveals. As in earlier attempts, the scam begins with an e-mail, prompting people to update their credit card information in advance of an upcoming renewal date. A link is provided to log into MobileMe, but in reality it guides users to a different domain -- "http.apple-billing.me.uk" -- which spoofs the design of the Apple online store, and tricks unwitting visitors into sharing credit card data.
MobileMe phishing scam
Malicious users are again targeting MobileMe customers with a phishing ploy geared towards obtaining credit card information. According to UGN InfoManager, the scam comes in the form of a billing verification email from Apple, which leads users to an official-looking website. The site is hosted on a fraudulent web server, the domain name being klubdna.com, despite the visual resemblances to Apple's MobileMe account page.
iPhone open to Phishing?
Security researcher Aviv Raff says the iPhone versions of Mail and Safari are vulnerable to URL spoofing, an exploit that could open the door to phishing attacks. Raff says hackers can e-mail a specially designed URL that links to a site that appears to be legitimate. A user might think it is a trusted site like PayPal -- but instead the bogus site steals passwords and other information when the user tries to log on. The maliciously crafted URL is (erroneously) recognized by Safari as a "trusted site."
Apple iTunes targeted
Apple's widely recognized iTunes is being used to lure users to a phishing scam that could allow hackers to obtain private credit card and personal information. The world's most popular music store is being used as part of a series of sophisticated identity theft attacks for the first time, a security company noted on Tuesday. The Computerworld report says that users began receiving spam email messages on Monday telling them that they must correct a problem with their iTunes account; however, the link leads to a third-party site masquerading as an iTunes billing update page: "that phony page asks for information including credit card number and security code, Social Security number and mother's maiden name," the report noted.
Safari vulnerable to phish
PayPal warns its members to avoid using Safari when making transactions, since it has a distinct lack of protection against phishing – the act of coaxing a user to click on a false link on a false web page for malicious purposes. PayPal users are typical targets for phishing attempts, where the page asks users for their personal login information. Once this information is collected, malicious users have free rein over a compromised PayPal account.