Thursday, September 13, 2018

How can you be sure that you are not looking at a fake login page? The Safari and MS Edge browsers can preserve the address bar while loading the content from a spoofed page. This vulnerability would allow an attacker to create fake login screens or other forms that could harvest usernames, passwords and other data from users who thought they were on a real landing page.



Rafay Baloch spotted the vulnerability, which could allow JavaScript to update the address bar while the page was still loading, effectively causing the browser to display the intended address while loading content from the spoofed page.

Microsoft has already taken action and patched the vulnerability (CVE-2018-8383) in its Edge browser (this will help only if you are patching regularly), but Safari remains vulnerable as Apple has yet to patch it.

https://www.scmagazine.com/home/news/apples-safari-and-microsofts-edge-browsers-contain-spoofing-bug/
