If Google and eBay can't do it…

How can you expect to secure your web applications if even Google and eBay with their thousands of developers fall prey to hackers? According to Websense this week one of Google’s services is harboring a keystroke logger that is at the main IP address for Googlepages.com. It targets particular banks so if you were infected with it and logged in to your bank account your credentials would be recorded and sent on to the hackers. This is an instance of the good guys discovering an exploit in the making. There are no signs yet of the spam attack it would require to get people to go to the special url that hosts the Trojan.

And then according to Netcraft a cross site scripting attack on the PayPal site is allowing hackers to redirect users to their server in
South Korea where their PayPal identities are stolen. » If Google and eBay can't do it… | Threat Chaos | ZDNet.com

Linked by shanmuga Wednesday, 21st June 2006 1:10AM