Monday, May 23, 2005

Web Site Flaws Let Spammers, Phishers Build User Profiles

Gregg Keizer writes on TechWeb:

Spammers and phishers are using new kinds of attacks to build wide-ranging profiles of online users -- everything from their political views to their sexual preference -- a security firm said Monday.

Blue Security, which has offices in Menlo Park, Calif., and Israel, laid out details of what it's calling "registration attacks" and "password reminder attacks" in a report released Monday. Together, these attacks are used, said Blue Security's chief executive Eran Reshef, to conduct hostile profiling of Internet users.


In a registration attack, a spammer tries to register large numbers of e-mail addresses -- using automated scripts somewhat similar to those used in directory harvest attacks -- with a variety of Web sites. Because sites typically return errors on addresses already in use -- Reshef said his research showed a majority of sites do this -- spammers and phishers can determine not only which addresses are valid, but match an address with a Web site.

0 Comments:

Post a Comment

<< Home