There’s a 0-day vulnerability affecting Safari 4.x users. It’s not critical, but it is important to be aware of it.
<link rel="stylesheet" type="text/css" href="www.yahoo.com">
//setTimeout is used just to wait for page loading
Listing 01 – Apple Safari Stylesheet Redirection PoC
Cesar Cerrudo discovered this vulnerability and explained that Safari does not display the LINK specified in the href value; instead, it reads the stylesheet to redirect to a target URL.
A malicious user may take advantage of this vulnerability to steal sensitive information.
Be cautious when surfing the net!
Please be careful when shopping online. Here are some simple tips on how to detect suspicious vendors:
1) You can’t find sufficient details to verify the store, such as a contact number and store location.
2) You can’t find interactive reviews. Static reviews, such as a “Testimonials” page, can be easily crafted.
3) Check the DNS table of the IP address. Whois provides enough information for you to trace the people behind the suspicious website. In most cases, you’ll find associations with, and a history of, various forms of fraudulent activity.
The best choice is to buy from known legitimate retailers and online stores. It may be costly, but it assures that your online transaction is secured, provides buyer protection and guarantees satisfaction.
Engaging in fraudulent online deals could cost you your identity and your money.
Updated as of 15.01.2010
I received this message from Skype (below), which links to a very similar-looking website. Of course, it’s a certified scam.