|
News News regarding BSD and related. |
|
Thread Tools | Display Modes |
|
|||
Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
April 14th, 2017
Very interesting reading, Please read through, because this article shows you how you can spoof a website and have it show as secure. I tried it, and yes, it's true. They set up their own fake site of a healthcare company, with certificate, and yes, you can actually have the same address, with a secure certificate display from firefox and chrome, but it will be a fake website. There is a fix for Firefox, but apparently, there is no fix for Chrome, and I assume that goes for Chromium as well. https://www.wordfence.com/blog/2017/...code-phishing/ Last edited by amphibious; 19th April 2017 at 03:17 PM. |
|
||||
That is interesting, it seem like they would have made the default setting true, and then the users that
need to use would /could change it,
__________________
My best friends are parrots |
|
|||
Quote:
A lot of Mozilla Firefox users are not IT professionals and don't know what is Javascript, but they want to use them. These users would blame not themselves, but Mozilla for broken Websites. It is rather understandable why Mozilla has hidden this switch.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase Last edited by e1-531g; 20th April 2017 at 09:43 AM. |
|
||||
No, this could be a good reason for having javascript on by default, but not for removing from the user interface a switch to turn javascript off entirely for who don't want it.
__________________
The world doesn't live off jam and fancy perfumes - it lives off bread and meat and potatoes. Nothing changes. All the big fancy stuff is sloppy stuff that crashes. I don't need dancing baloney - I need stuff that works. -- Theo de Raadt |
|
|||
I think that anybody who understands what he is doing disabling Javascript can found about "about:config" settings page or at least be informed enough to install NoScript extension.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Security Attackers trick 162,000 WordPress sites into launching DDoS attack | J65nko | News | 0 | 12th March 2014 06:00 PM |
Security DNS flaw reanimates slain evil sites as ghost domains | J65nko | News | 0 | 16th February 2012 10:06 PM |
Phishing email used in serious RSA attack surfaces | J65nko | News | 1 | 27th August 2011 09:16 PM |
Open Source E-commerce sites under attack! | CyberJet | News | 0 | 29th July 2011 02:07 PM |
Java vulnerability - when lyric sites attack | J65nko | News | 0 | 15th April 2010 07:49 PM |