Quote:
We are seeing far more Trojan based attacks - still very easy to infect millions of Winblows PCs and all an attacker needs to do is either key log or alter your browser to log in to 'badsite.com' (tm) and pretend you are at 'yourbank.com'


All they have to do is add an entry in the system's hosts file to specify an IP address for the targetted domain, and the user will never be able to tell they're looking at a scammer's site. Macs are vulnerable too.

I think it would make for a great browser feature/plug-in that pops up a warning message anytime you visit a domain who's address was resolved locally. "WARNING: You might be getting scammed."

Quote:
Fun times ahead - a good time to be an infosec professional. I know I need more people in my team...anyone interested?


Yeah, I am.