Full Disclosure mailing list archives
Re: Firefox: about:blank is phisher's best friend
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 22 Feb 2007 21:27:58 +0100
* Michal Zalewski:
> Similarly, he could spoof a native browser-originating modal warning or dialog to have the user do something dumb. This problem was addressed by forcibly prepending current site name to window title for all URL-bar-less windows, so that the Internet origin of such a pop-up is clear, and so that it will have a hard time mimicking a native window.
This is the first time I read about the forced window title change. I hadn't noticed it earlier. Do you think this is a good enough security indicator (or indicator of origin, to be more precise)?