According to security research firm Netcraft, an EA Games server was hijacked by hackers and is being used to steal Apple ID logins. The compromised server hosts two websites on the ea.com domain. The EA server was used to host a calendar powered by a 2008 version of WebCalendar with known security vulnerabilities. The flaws allowed an attacker to modify settings in the software and execute arbitrary code. This and other security flaws were patched in recent updates to the WebCalendar software, but these releases were not applied to the version installed on EA’s server. Once compromised, the server was turned into a phishing site that attempted to trick Apple owners into divulging their Apple ID, password and other sensitive information. The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website … Netcraft alerted EA Games to the compromised server, but it was still online as of Wednesday morning. As always, be cautious when you receive an unexpected email from Apple or are prompted to enter your Apple ID into an unknown website. If you are concerned about your Apple ID, ignore links in emails or on websites and visit Apple’s website directly at http://ift.tt/k8WFVt. [Via AppleInsider] Continue reading
from iPhone Hacks | #1 iPhone, iPad, iOS Blog » iPhone 4 Camera Beats HTC EVO 4G, Samsung Galaxy, Droid X In Showdown
No comments:
Post a Comment