
Comment To clarify (Score 4, Interesting) 151

As the author of the cited paper, I feel that I have to clarify a few issues here:

As well as Opera and Firefox, GOOGLE CHROME ALSO "suffers" from the ability to host data URIs. It just distrusts being redirected to one.

IE (it is said) has a size limit to data URIs of 32 KB. However, in my tests, a ~26 KB URI was tried, unsuccessfully.

The data URI phishing pages can be made in many ways, differing in how they use other data. One can make a true offline (or local) version of a web page if all linked content on the page is contained in the "root page" through yet another data URI.

If the data URI web pages are presented on a computer running a related trojan program, this program may handle the communication of the "secret information" (credit card #, passwords, etc.). This can be done P2P (as in botnets) thus no need for server infrastructure.

Another issue I'm discussing in my paper ( is that of ownership to the data URI contents. I feel TinyURL unwittingly takes ownership of whatever content that is hosted there, as they store the entire (phishing) web page on their servers.

Submission + - Phishing is possible using Data URI (

hennikl writes: "Historically, phishing web pages have been hosted by web servers that are either compromised or owned by the attacker. This paper introduces a new approach to creating working phishing web pages without the direct need of a host. The contents of the phishing web page are simply contained in its own URI (link). We present the appropriate steps to do this, and show a working example of such a phishing page."
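
A defender-side check for the behaviour discussed in the comment and submission above, added here as an example and not taken from the paper or the original posts: a link shortener or redirector parses an RFC 2397 data URI and refuses to store one that decodes to a browser-rendered document. The function names, the media-type list and the sample links are assumptions constructed for the illustration.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# Media types a browser renders as an active document (assumed policy list).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
# Markup that collects user input inside a decoded document.
INPUT_MARKUP = re.compile(rb"<\s*(form|input)\b|type\s*=\s*[\"']?password", re.I)


def parse_data_uri(uri):
    """Split an RFC 2397 data URI into (media_type, bytes); None if not one."""
    uri = uri.strip()
    if uri[:5].lower() != "data:":
        return None
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        raise ValueError("data URI has no comma separator")
    params = [p.strip().lower() for p in header.split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default type
    raw = unquote_to_bytes(payload)
    if "base64" in params[1:]:
        raw = base64.b64decode(raw + b"=" * (-len(raw) % 4))
    return media_type, raw


def check_redirect_target(url):
    """Return (allowed, reason) for a link a shortener is asked to store."""
    try:
        parsed = parse_data_uri(url)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, f"malformed data URI: {exc}"
    if parsed is None:
        return True, "not a data URI"
    media_type, body = parsed
    if media_type not in ACTIVE_TYPES:
        return True, f"inert media type {media_type}"
    if INPUT_MARKUP.search(body):
        return False, f"{media_type} document with input fields"
    return False, f"{media_type} document embedded in the link"


# Constructed sample links, not taken from the page.
SAMPLE_HTML = "data:text/html;base64," + base64.b64encode(
    b"<form><input type=password></form>").decode()
SAMPLE_PNG = "data:image/png;base64,iVBORw0KGgo="
SAMPLE_HTTP = "https://example.com/page"
```
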
