There's something about all this that doesn't make sense to me. One of the examples mentions that a user could wind up transferring money from their bank with a simple mouse click. So that would imply that the attacker has everything else in place to make that happen and is simply waiting for one mouse click. What is so special about the mouse click? Aren't there a number of events available they could use to trigger the same result?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11534/35250#35250