lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 2 Aug 2004 09:02:02 -0400
From: "Thomas T. Evans, III" <ttevans@...kcorp.net>
To: <bugtraq@...urityfocus.com>
Subject: RE: New possible scam method : forged websites using XUL (Firefox)


I have added SpoofStick (http://www.corestreet.com/spoofstick/) to both IE
and Firefox. With the Firefox spoof shown on the cited page, SpoofStick gets
moved and shows blank for "You're On". Not an outstanding warning, but
useful if you are watching.


Thomas T. Evans, III CCNA
Senior Network Manager
Hawk Corporation
ttevans@...kcorp.net
216-267-7787 Ext. 500
Cell: 440-669-2526
Fax: 917-464-7241
President, MFG/Pro Midwest User Group

"The difference between genius and stupidity is that genius has limits"
--Albert Einstein
 



-----Original Message-----
From: Marc [mailto:md@...ensa.com] 
Sent: Saturday, July 31, 2004 7:16 AM
To: bugtraq@...urityfocus.com
Subject: Re: New possible scam method : forged websites using XUL (Firefox)

The latest version of Firefox is 0.9.2.

> The developers of Mozilla are currently looking into various
> methods to make a fake user interface more obvious.  The most
> likely solution will be to force the status bar to always be
> visible, as Microsoft will do with IE6 SP2.

This appears to be the case with 0.9.2.
The spoofed PayPal site (from
http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide FireFox's
status bar - so you get 2 status bars displayed.

Even so, the site is incredibly convincing, and I suspect the average user
would be understandably fooled.

Since the CERT recommendation, Mozilla browsers are gaining ground.  Firefox
is now the browser of choice throughout the company I work for.

I suspect the best defence will be to block all xul on the proxy.

Marc Deglos.


----- Original Message -----
From: "David Ahmad" <da@...urityfocus.com>
To: <bugtraq@...urityfocus.com>
Sent: Friday, July 30, 2004 10:05 PM
Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ