oss-sec mailing list archives
Re: virtual consoles
From: Georgi Guninski <gguninski () gmail com>
Date: Tue, 3 Dec 2019 07:54:54 +0200
On Mon, Dec 2, 2019 at 7:13 PM Tavis Ormandy <taviso () gmail com> wrote:
Hey List, we were discussing simple screen spoofing attacks today, and whether we consider it a vulnerability or just social engineering. For example, this paper on tricks Android malware can use to trick the user into granting permissions to the wrong app.
Precedence in mobile code: 1. This exists in Android 9, I had hard time exiting fullscreen video player 2. Mozilla fixed similar bug about 15 years ago. 3. In 2001 internet exploder was remotely vulnerable and hitting control-alt-del was not easy: https://www.dslreports.com/forum/r1651258-Javascript-in-IE-may-spoof-the-whole-screen http://www.guninski.com/popspoof.html
Current thread:
- virtual consoles Tavis Ormandy (Dec 02)
- Re: virtual consoles Solar Designer (Dec 02)
- Re: virtual consoles Tavis Ormandy (Dec 02)
- Re: virtual consoles Leonid Isaev (Dec 02)
- Re: virtual consoles Leonid Isaev (Dec 02)
- Re: virtual consoles Georgi Guninski (Dec 03)
- Re: virtual consoles Simon McVittie (Dec 03)
- Re: virtual consoles Tavis Ormandy (Dec 03)
- Re: virtual consoles Solar Designer (Dec 02)