Re: Identity Theft

To: debian-user@lists.debian.org
Subject: Re: Identity Theft
From: Jeremy Ardley <jeremy@ardley.org>
Date: Tue, 21 Dec 2021 10:13:07 +0800
Message-id: <[🔎] 2ad10acb-8114-f6e1-2173-adab99fd3bda@ardley.org>
In-reply-to: <[🔎] 8c360b4c-42fb-f7de-96ab-b6958c31e2f9@ardley.org>
References: <[🔎] 202112201032.31524.rhkramer@gmail.com> <[🔎] 20122021192509.6807369e9dc0@desktop.copernicus.org.uk> <[🔎] 202112202059.59274.rhkramer@gmail.com> <[🔎] 8c360b4c-42fb-f7de-96ab-b6958c31e2f9@ardley.org>

On 21/12/21 10:09 am, Jeremy Ardley wrote:s.

There is a type of attack called cross-site scripting (XSS). It'smostly been eliminated by latest version browsers, but there arealways zero-day vulnerabilities.
The effect is that if you are vulnerable and have two tabs open, oneto the legitimate site, and one to a bad guy site, the bad guy canalter your trusted site and for instance change a valid link intosomething malicious, or change a displayed phone number.
More at https://owasp.org/www-community/attacks/xss/

You can mitigate XSS by having a single browser that is used solely toaccess high value sites. e.g. if you routinely run Firefox, have a copyof Vivaldi that you use to access your banks - one at a time.


--
Jeremy

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Identity Theft
  - From: local10 <local10@tutanota.com>
- Re: Identity Theft
  - From: rhkramer@gmail.com
- Re: Identity Theft
  - From: Andrei POPESCU <andreimpopescu@gmail.com>

References:
- Identity Theft
  - From: rhkramer@gmail.com
- Re: Identity Theft
  - From: Brian <ad44@cityscape.co.uk>
- Re: Identity Theft
  - From: rhkramer@gmail.com
- Re: Identity Theft
  - From: Jeremy Ardley <jeremy@ardley.org>

Prev by Date: Re: Identity Theft
Next by Date: Re: vulnerability classifications (was: Re: Identity Theft)
Previous by thread: Re: Identity Theft
Next by thread: Re: Identity Theft
Index(es):
- Date
- Thread