Aggregators: secure your Web forms now

I received a tip that attackers are targeting content aggregators and mobile subscribers via Web-based forms. Here's how it works: an attacker identifies a form that triggers an SMS message to be sent (the "Forgot my PIN" form seems like a common target), and slams the form with thousands of requests for PINs from either one address or from a botnet of hacked computers. This could lead to leads to tens of thousands of dollars in messages costs to the aggregator and, potentially, to the phone numbers targeted. I don't know if this type of attack is common, but it's dead simple to exploit.

Suggested Articles

Here are the stories we’re chasing today.

Here are some other stories we’re following.

Here are the other stories we’re chasing today.