Wilders Security Forums  

Go Back   Wilders Security Forums > Other Security Topics > malware problems & news
Reload this Page Firefox, Opera allow crooks to hide an entire phish site in a link
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old September 3rd, 2012, 09:16 PM
LoneWolf's Avatar
LoneWolf LoneWolf is offline
Massive Poster
  
Join Date: Jan 2006
Posts: 3,132
Default Firefox, Opera allow crooks to hide an entire phish site in a link
Quote:
A shortcoming in browsers including Firefox and Opera allows crooks to easily hide an entire malicious web page in a clickable link - ideal for fooling victims into handing over passwords and other sensitive info.
Usually, so-called "phishing attacks" rely on tricking marks into visiting websites designed by criminals to masquerade as banks and online stores, thus snaffling punters' credentials and bank account details when they try to use the bogus pages. However this requires finding somewhere to host the counterfeit sites, which are often quickly taken down by hosting companies and the authorities or blocked by filters.

Instead, the malicious web pages can be stored in data URIs - uniform resource identifiers, not to be confused with URLs - which stuff the web code into a handy string that when clicked on, instructs the browser to unpack the payload and present it as a page.


http://www.theregister.co.uk/2012/09...t_hosts_peril/
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
  #2  
Old September 3rd, 2012, 11:16 PM
siljaline's Avatar
siljaline siljaline is offline
Security Expert
  
Join Date: Jun 2003
Location: Montréal, Canada
Posts: 4,138
Post Re: Firefox, Opera allow crooks to hide an entire phish site in a link
This Sans handler diary explains more.
  #3  
Old September 4th, 2012, 02:39 AM
gerardwil gerardwil is offline
Massive Poster
  
Join Date: Jan 2004
Posts: 4,509
Default Re: Firefox, Opera allow crooks to hide an entire phish site in a link
Quote:
Originally Posted by siljaline
This Sans handler diary explains more.

I do not find "more"
It is still about Henning Klevjer's paper.
  #4  
Old September 4th, 2012, 07:10 AM
Mrkvonic Mrkvonic is offline
Linux Systems Expert
  
Join Date: May 2005
Posts: 7,432
Default Re: Firefox, Opera allow crooks to hide an entire phish site in a link
How's this any different from any other scam?
Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
  #5  
Old September 4th, 2012, 01:20 PM
siljaline's Avatar
siljaline siljaline is offline
Security Expert
  
Join Date: Jun 2003
Location: Montréal, Canada
Posts: 4,138
Post Re: Firefox, Opera allow crooks to hide an entire phish site in a link
Perhaps this from Sophos, otherwise, it's all I have.
Quote:
However, he says that sophisticated attackers could also sneak the phished data out using a specially-crafted DNS request that would transfer the sniffed login credentials to the log file of a remote system.

Klevjer said the URI attack method could gain adherents among sophisticated attackers who are looking for a way around traffic and reputation monitoring and filtering systems. He said it also raises important questions about who “owns” the malicious data used in a URI based attack.

If URL shorteners are used, for example, the malicious content is now located within a link. Kelvjer told Naked Security:
“This fact transfers liability to the URL shortening services hosting the redirection”
More
Quote:
Originally Posted by gerardwil
I do not find "more"
It is still about Henning Klevjer's paper.
 

Wilders Security Forums > Other Security Topics > malware problems & news « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 07:44 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums