Firefox And Opera Security: Phisher Life Just Got Easier
Phishing by the data URI.
According to a report from TheRegister, Henning Klevjer, a student from Norway, has modified a somewhat old phishing technique (documented by Billy Rios and Nathan McFeters), which allows phishers to hide the entire malicious web page and transform it into a clickable link.
So what exactly is data URI? Known as the “Uniform Resource Identifier scheme”, it allows webmasters to include data in line in web pages as if they were external resources.
With the help of services like TinyURL, phisher can create a malicious page and shorten it to a length that can be easily passed by the email, Facebook or other social services.
However, while Google Chrome blocks redirection to data URIs and Internet Explorer did not load the exploited code, both Firefox and Opera were successfully compromised, according to Henning Klevjer.
Interestingly enough, such attacks are known for a long time and were used target Internet Explorer 6 and 7.
Head over to the source for more details.
About (Author Profile)
Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.
Subscribe
If you enjoyed this article, subscribe to receive more just like it.
That’s nonsense, because the URL still looks like “data:text/html;base64,…”.
Unless you are blind, there’s nothing more insecure in putting the web page into an URI than on a server.
Why wasn’t Safari and Maxthon tested? I’m curious to know the results.
Seems to work using memory corruption. I think I’m safe since I have Firefox running with the EMET security enhancements.
What does memory corruption have to do with this?
there is a option in opera
Settings > Preferences > Advanced > Network > >check box> “Enable automatic redirection”.
what is this?