| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41FDA228.6060501@doxdesk.com> From: and-bugtraq at doxdesk.com (Andrew Clover) Subject: Is there a 0day vuln in this phisher's site? Larry Seltzer <larry@...ryseltzer.com> wrote: > this assumes the default placement of Address Bar if I'm not mistaken, > so if the user changes their toolbar layout the popup will give itself away, > correct? Correct. In my example I deliberately window.open()ed the target with fixed toolbar options, which helps a little; the attacks in the wild aren't bothering to do that, so it's more likely the URL popup will appear in the wrong place. [You can't change an existing window's options of course, but it would be possible to pop a new window then close the original. Theoretically IE disallows window.close() on top-level windows but that's easily avoided by assigning to window.opener.] I expect the tactic could be improved slightly by reading the screen position of the work area compared to the window outer area to guess the number of toolbars in use, or something. (One could probably even spoof the entire toolbar area and SSL padlock.) I couldn't be bothered myself, but believed a dedicated phisherman might put the effort in. However, it would seem that actually they're pretty lazy too. -- Andrew Clover mailto:and@...desk.com http://www.doxdesk.com/
Powered by blists - more mailing lists