Browser POC's to test

They either didn't work, or didn't fool me. Try 'em & see how you fare

BTW - Tested on FFv3.6.14 with & without JavaScripting etc

 

Obviously it didn't fool you, you tested yourself. It's like saying "I'm a chair... haha I don't believe that for a second."

Real world if someone on Wilders linked to "an important flash update" that was really a virus I'm fairly certain a large portion of this site would get infected.

 

Link 1 did absolutely nothing, TorBrowser blocked both popups, and noscript asked for me to follow a redirect to Adobe.com but as the the windows of maliciousness were unable to open it was pointless though I can see the issue presented.

Link 2 was interesting in the fact that TorBrowser (My web browser) as Access to Memory and Disk cache is forbidden. This would be easily exploited in normal Firefox. I use TorBrowser for all my browsing but I have Waterfox limited to access only a specific list of Grooveshark/Youtube IPs (all other traffic is blocked and HTTP/S is blocked system wide and exceptions are made as necessary). This if anything should prove that cache access (As it is) is flawed and needs to be secured by ensuring only the site which cached the data may access it.

Link 3 is this the same as number one? Same thing happened:

1. Click button
2. Asked to redirect to adobe.com
3. Redirect
4. Adobe.com opens in new tab and becomes the focus
5. 2 Popups blocked on initial page.

I must say this was fun though.

 

3rd link- easily spotted from the firefox 13 'from' section in the download window, but yes most people would fall for this

could someone please explain what the second link is doing/showing?

 

The second link starts out as the legit webpage with the URL showing that website. It then changes after a few seconds. From the source:

 

ok thanks

 

Nothing happened in the second link for me.

 

You should see this address in the address bar, right?
banking.beaver-peak.us

In my case I see something else:
banking.coredump.cx/us/

Is the POC working then?