Re: Identity Theft
Intentionally top posting:
Just in an effort to keep my warning on target, I (and I think the consensus of
others on this list) is that the problem that occurred was not an XSS attack).
Remember that the incident was that I dialed a known good number of a financial
institution 3 times, 2 times I got the financial institution, one time I got a
scammer.
(And further, the Google Voice logs show that I dialed the same number all
three times.)
On Saturday, December 25, 2021 12:03:00 PM Andrei POPESCU wrote:
> On Ma, 21 dec 21, 10:13:07, Jeremy Ardley wrote:
> > On 21/12/21 10:09 am, Jeremy Ardley wrote:s.
> >
> > > There is a type of attack called cross-site scripting (XSS). It's
> > > mostly been eliminated by latest version browsers, but there are
> > > always zero-day vulnerabilities.
> > >
> > > The effect is that if you are vulnerable and have two tabs open, one to
> > > the legitimate site, and one to a bad guy site, the bad guy can alter
> > > your trusted site and for instance change a valid link into something
> > > malicious, or change a displayed phone number.
> > >
> > > More at https://owasp.org/www-community/attacks/xss/
> >
> > You can mitigate XSS by having a single browser that is used solely to
> > access high value sites. e.g. if you routinely run Firefox, have a copy
> > of Vivaldi that you use to access your banks - one at a time.
>
> Hopefully Multi-Account Containers helps with this as well, point 4. in
> the "What you can do with Multi-Account Containers" seems to imply it.
>
> https://support.mozilla.org/en-US/kb/containers
Reply to: