Jump to content
xisto Community
jedipi

Vulnerability Was Found In All Major Browsers Spoofing Flaw affect IE, Firefox, Safari

Recommended Posts

Oh come on! I mean, why doesn't some security "advisor" just post a security "threat" about telnet, because users can use it to log in to malicious website and hand-craft a request that sends out their grandmother's phone number to the whole world!

 

This is really stupid. Has anyone even read the ECMAScript specification to see if maybe it requires prompts to show a certain generic title? And besides, what do you want browsers to do? Make the title of prompt dialogs the same as their parent web site? Will it then be that hard for evil hackers to modify a TITLE tag to something that looks like a bank page? Come on! There's no solution for this.

 

This is purely FUD.

Share this post


Link to post
Share on other sites

You would have to be pretty newby to fall for that.Unless you some how co-incidentally visit sites often that do that, or your just clueless all together lol.

Share this post


Link to post
Share on other sites

And someone in this thread said that he is safe that he has javascript turned off, safe, but most of the sites doesn't work, to browse without javascript in my opinion these days is stupid! Of course, if you surf the web and normal pages.. :)


i agree with you with this mate.
Specially now that most websites have ajaxed themselves up.

just last december, i have stumbled on 17 websites of good quality with a ajaxed floating window for login.

***********

between normal pages and ajaxed ones.. i will go with the ajaxed ones.. it saves time and bandwitdh on some slow connections, that it if you are viewing some sort of heavy graphics site.

***********
i was dragged here thinking this tackle about this certain pesisting bug that i have read.

Share this post


Link to post
Share on other sites

I honestly don't see how that is a security problem. Surely even a completely inexperienced computer user would notice the new window opening when they clicked the link. Even if they didn't, who would be stupid enough to enter bank account details into a completely unsecure javascript dialogue?
To be honest, I doubt scammers will be adopting this method quite soon smile.gif

i have to agree! there is going to be only a handful of users that are going to do this, so really is not much of a problem. that said, whenever someone hears security flaw theres always something to be said - and a microsoft patch to go with it!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.