Topic awaiting preservation: Spoofing with XUL (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22736" title="Pages that link to Topic awaiting preservation: Spoofing with XUL (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Spoofing with XUL <span class="small">(Page 1 of 1)</span>\$

poi Paranoid (IV) Inmate From: France Insane since: Jun 2002	posted 07-30-2004 16:11 With XUL, it's possible to re-create the interface of website + some fake certificates and security label ( the little lock in the status bar ) to fake a sensitive site. A demonstration of the technique is available, with a screenshot.
Rinswind 2th Maniac (V) Inmate From: Den Haag: The Royal Residence Insane since: Jul 2000	posted 07-30-2004 16:38 Scary, when someone is able to recreate any website an make this functioning they can mess up a lot... Thank god there is a solution: quote: The obvious solution is to prevent Javascript from hiding the status bar by default. Secure out-of-the-box is a good thing. Microsoft is doing this to IE 6 SP2 finally. However, even if you disallow Javascript from hiding the status bar and try it again, you'll see that it still looks nearly real. Maybe you or I won't be fooled, but I know my mother would be. Something worth to check when you do online payments. To dissallow Javascript in FF to hide the statusbar Goto: Tools-->Options-->Web features-->Enable Javascript(with javascript off there is no problem) Choose the "advanced" button and remove the checkmark at "hide statusbar". Personally i hae removed all chekmarks except the one to change images. I don't like people messing with my browser so i don't allow them to. ------------------------------ Support Justice for Pat Richard

Topic awaiting preservation: Spoofing with XUL (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22736" title="Pages that link to Topic awaiting preservation: Spoofing with XUL (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Spoofing with XUL <span class="small">(Page 1 of 1)</span>\$

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 07-30-2004 16:11

With XUL, it's possible to re-create the interface of website + some fake certificates and security label ( the little lock in the status bar ) to fake a sensitive site.

A demonstration of the technique is available, with a screenshot.

Rinswind 2th
Maniac (V) Inmate

From: Den Haag: The Royal Residence
Insane since: Jul 2000

posted 07-30-2004 16:38

Scary, when someone is able to recreate any website an make this functioning they can mess up a lot...
Thank god there is a solution:

quote:
The obvious solution is to prevent Javascript from hiding the status bar by default. Secure out-of-the-box is a good thing. Microsoft is doing this to IE 6 SP2 finally.

However, even if you disallow Javascript from hiding the status bar and try it again, you'll see that it still looks nearly real. Maybe you or I won't be fooled, but I know my mother would be.

Something worth to check when you do online payments. To dissallow Javascript in FF to hide the statusbar Goto: Tools-->Options-->Web features-->Enable Javascript(with javascript off there is no problem) Choose the "advanced" button and remove the checkmark at "hide statusbar".
Personally i hae removed all chekmarks except the one to change images. I don't like people messing with my browser so i don't allow them to.

------------------------------
Support Justice for Pat Richard

Maximum Security
OZONE
DHTML/Javascript
Server-Side Scripting - Oh my!
CSS - DOM - XHTML - XML - XSL - XSLT
Stupid Basic HTML
Visual Therapy
Photoshop
Photoshop Pong, Anyone?
*WARNING* BIG SIG APPROACHING
Photography
3D Modelling & Rendering
Multimedia/Animation
Print Graphics
Holding Pens
Philosophy and other Silliness
Outpatient Counseling
Site reviews!
Mad Scientists' Laboratory
Getting to know the Grail

Maximum Security

OZONE

DHTML/Javascript

Server-Side Scripting - Oh my!

CSS - DOM - XHTML - XML - XSL - XSLT

Stupid Basic HTML

Visual Therapy

Photoshop

Photoshop Pong, Anyone?

***WARNING*** BIG SIG APPROACHING

Photography

3D Modelling & Rendering