
Topic awaiting preservation: Spoofing with XUL

 
poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 07-30-2004 16:11

With XUL, it's possible to re-create the interface of a website + some fake certificates and security label (the little lock in the status bar) to fake a sensitive site.

A demonstration of the technique is available, with a screenshot.

Rinswind 2th
Maniac (V) Inmate

From: Den Haag: The Royal Residence
Insane since: Jul 2000

posted 07-30-2004 16:38

Scary, when someone is able to recreate any website and make it function, they can mess up a lot...
Thank god there is a solution:

quote:
The obvious solution is to prevent Javascript from hiding the status bar by default. Secure out-of-the-box is a good thing. Microsoft is doing this to IE 6 SP2 finally.

However, even if you disallow Javascript from hiding the status bar and try it again, you'll see that it still looks nearly real. Maybe you or I won't be fooled, but I know my mother would be.



Something worth checking when you do online payments. To disallow Javascript in FF from hiding the statusbar, go to: Tools-->Options-->Web features-->Enable Javascript (with javascript off there is no problem). Choose the "advanced" button and remove the checkmark at "hide statusbar".
Personally I have removed all checkmarks except the one to change images. I don't like people messing with my browser so I don't allow them to.

------------------------------
Support Justice for Pat Richard
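
An added example, not part of the thread or of Firefox itself: a small Node.js check that reads the text of a profile's prefs.js and reports which of the script-control settings discussed above are not enforced. The mapping from the "Advanced" checkboxes to the `dom.disable_window_*` preference names is an assumption, and the sample prefs text is constructed.

```javascript
// Added example: audit Firefox prefs.js text for script-control settings.
// Assumption: these are the about:config entries behind the "Advanced"
// JavaScript checkboxes mentioned in the post above.
const REQUIRED = {
  'dom.disable_window_open_feature.status': true, // scripts cannot hide the status bar
  'dom.disable_window_status_change': true,       // scripts cannot rewrite status text
  'dom.disable_window_move_resize': true,         // scripts cannot move/resize windows
  'dom.disable_window_flip': true,                // scripts cannot raise/lower windows
};

// Parse lines of the form: user_pref("name", value);
// Commented-out lines do not match because the pattern is anchored.
function parsePrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;/gm;
  let m;
  while ((m = re.exec(text)) !== null) {
    prefs[m[1]] = JSON.parse(m[2]);
  }
  return prefs;
}

// Return one finding per setting that is missing ("unset", so the browser
// default applies) or explicitly set to the permissive value ("weak").
function auditPrefs(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, wanted] of Object.entries(REQUIRED)) {
    if (!(name in prefs)) {
      findings.push({ name, state: 'unset' });
    } else if (prefs[name] !== wanted) {
      findings.push({ name, state: 'weak' });
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real profile.
const SAMPLE_PREFS = [
  '# Mozilla User Preferences',
  '// user_pref("dom.disable_window_flip", true);',
  'user_pref("dom.disable_window_open_feature.status", true);',
  'user_pref("dom.disable_window_status_change", false);',
  'user_pref("browser.startup.homepage", "about:blank");',
  'user_pref("dom.disable_window_move_resize", true);',
].join('\n');

for (const f of auditPrefs(SAMPLE_PREFS)) {
  console.log(`${f.state.toUpperCase()}: ${f.name}`);
}
```

An "unset" finding means the result depends on the browser version's default, so it is reported rather than treated as safe.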
