Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] Firefox: about:blank is phisher's best friend
From: Florian Weimer (fwdeneb.enyo.de)
Date: Thu Feb 22 2007 - 14:27:58 CST
* Michal Zalewski:
> Similarly, he could spoof a native browser-originating modal warning or
> dialog to have the user do something dumb. This problem was addressed by
> forcibly prepending current site name to window title for all URL-bar-less
> windows, so that the Internet origin of such a pop-up is clear, and so
> that it will have a hard time mimicking a native window.
This is the first time I read about the forced window title change. I
hadn't noticed it earlier. Do you think this is a good enough
security indicator (or indicator of origin, to be more precise)?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/