Segurança Informática: Man in the mobile

do blog S21sec:

"(...) many companies (not only financial institutions) are using SMS as a second authentication vector, so having both the online username and password is not enough in the identity theft process. There are some social engineering techniques in the wild that try to handle this issue by luring the user; the user thinks that is doing a specific operation, but in fact he is doing other forged one (man-in-the-browser, JabberZeus, etc.)

In this post, we are going to talk about a better alternative planned by a ZeuS gang: infect the mobile device and sniff all the SMS messages that are being delivered."

Os posts:
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-iii.html

Segurança Informática

Man in the mobile

Segurança no Software - Livro

Popular Posts

Notícias: ZDNet Zero Day

Notícias: DarkReading

Notícias: Schneier on Security

Notícias: OWASP AppSec

Notícias: ENISA

Notícias: Yahoo! Security

Notícias: HPCintheCloud: Security

Blogroll

Blogroll em Português

Conferências

Arquivo do Blog

Segurança Informática @Facebook

SANS Information Security Reading Room

Symantec Connect - Security - Blog Entries

Etiquetas

Nível de Ameaça

Vulnerabilidades

Podcasts

Links

Comic strips

Seguidores