Firefox ... can spoof Paypal, with a secure lock on it.

simms

Worked for me on FF 0.93. Kinda scary how they can recreate menu options and locks that actually show "valid" site certs...
 

n0cmonkey

Errors on both FF and Mozilla on OpenBSD. The test above was on Mac OS X. Also didn't work in FF 1.0PR on Win2k3. :p
 

CTho9305

It's a load of hype. Any DHTML can be used to spoof a page; you don't need to use XUL. XUL just makes it a tiny bit easier. Anyway, in PR1.0, you should get an always-visible status bar that shows the actual domain (or if not PR1.0, 1.0 final - I saw some discussion on this).

edit: Interesting, IE6 with XP SP2 always shows the status bar for popups. Smart.
 

simms

Ok, just checking. PR right now is too buggy for my likes, so I haven't switched up yet.
 

drag

This problem has been known about for some time, and it's something that can happen to all browsers.

One way is to just make a full-screen type pop-up with JavaScript stuff, and you can recreate the appearance of any browser you'd like, or even make a JPEG image. It would work on some people; how often do you click on a button just to make sure that your browser is still real?

It's more of a social engineering trick than any real browser vulnerability. It doesn't work on my setup though, either the nightly build version or the 0.9.0-0.9.2 version, but I suppose it would work on 0.10PR....

However, I've noticed that on secure websites the space where you type in the URL turns yellow and a bright yellow padlock pops up on that. Can't miss it. I usually don't pay much attention to the indicator bar, but that yellow URL surprised me. I figured that this is probably the way they figured out how to combat this sort of attack.

Everybody has known about this for a long time, old news basically. You still have to be careful; there are other vulnerabilities in network setups and OSes that Firefox has no control over that could be used in other spoofing techniques. (say, for example, a modified host file from a worm attack)
 

Jeff7

I have a way of spoofing it, or exposing it. I have a browser extension that appears underneath all my buttons - except when I try that spoof page. Then the toolbar from the extension appears right underneath the title bar, but above the buttons.