
Comment To clarify (Score 4, Interesting) 151

As the author of the cited paper, I feel that I have to clarify a few issues here:

As well as Opera and Firefox, GOOGLE CHROME ALSO "suffers" from the ability to host data URIs. It just distrusts being redirected to one.

IE (it is said) has a size limit to data URIs of 32 KB. However, in my tests, a ~26 KB URI was tried, unsuccessfully.

The data URI phishing pages can be made in many ways, differing in how they use other data. One can make a true offline (or local) version of a web page if all linked content on the page is contained in the "root page" through yet another data URI.

If the data URI web pages are presented on a computer running a related trojan program, this program may handle the communication of the "secret information" (credit card #, passwords, etc.). This can be done P2P (as in botnets), thus no need for server infrastructure.

Another issue I'm discussing in my paper (http://klevjers.com/papers/phishing.pdf) is that of ownership of the data URI contents. I feel TinyURL unwittingly takes ownership of whatever content is hosted there, as they store the entire (phishing) web page on their servers.
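A check that a link shortener or mail gateway could run on submitted links, as an added example that is not part of the comment or the paper: it decodes an RFC 2397 data URI and reports whether it carries a browser-renderable page with a form, a password field, or further embedded data URIs. The function names, finding labels, renderable-type list and sample page are assumptions made for this illustration.

```python
import base64
import re
from urllib.parse import quote, unquote_to_bytes

# Types a browser renders as an active document (assumed list for this example).
RENDERABLE = {"text/html", "application/xhtml+xml", "image/svg+xml"}

def parse_data_uri(uri):
    """Split an RFC 2397 data URI into (media_type, body_bytes); None if not one."""
    uri = uri.strip()
    if uri[:5].lower() != "data:":
        return None
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        return None  # malformed: the comma before the data is mandatory
    params = [p.strip().lower() for p in header.split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default type
    body = unquote_to_bytes(payload)  # percent-decoding applies in both forms
    if "base64" in params[1:]:
        body = b"".join(body.split())
        try:
            body = base64.b64decode(body + b"=" * (-len(body) % 4))
        except ValueError:
            body = b""  # undecodable payload: nothing to inspect
    return media_type, body

def inspect_link(uri):
    """Return findings for a submitted link; an empty list means not a data URI."""
    parsed = parse_data_uri(uri)
    if parsed is None:
        return []
    media_type, body = parsed
    findings = ["data-uri"]
    if media_type in RENDERABLE:
        findings.append("renderable-document")
        text = body.decode("utf-8", "replace").lower()
        if "<form" in text:
            findings.append("form")
        if re.search(r"<input[^>]*type\s*=\s*[\"']?password", text):
            findings.append("password-field")
        if re.search(r"(src|href)\s*=\s*[\"']?data:", text):
            findings.append("nested-data-uri")
    return findings

# Constructed sample page (not from the paper), encoded both ways.
SAMPLE_HTML = (b'<form action="https://example.invalid/x"><input type="password" '
               b'name="p"><img src="data:image/gif;base64,R0lGOD"></form>')
SAMPLE_B64 = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML).decode()
SAMPLE_PCT = "data:text/html," + quote(SAMPLE_HTML)
```

A service that stores submitted links can reject or quarantine any link whose findings include `renderable-document` before the content ever lands on its servers.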
Security

Submission: Phishing is possible using Data URI (klevjers.com)

hennikl writes: "Historically, phishing web pages have been hosted by web servers that are either compromised or owned by the attacker. This paper introduces a new approach to creating working phishing web pages without the direct need of a host. The contents of the phishing web page are simply contained in its own URI (link). We present the appropriate steps to do this, and show a working example of such a phishing page."
