commissum issues advice on link-camouflaging JavaScript exploit

A recently-discovered web exploit that can redirect users to malicious “phishing” pages has made it harder to stay safe when browsing the web, warns information security company commissum.
By: commissum

However, the exploit discovered by Hameed is able to camouflage the URL pointed to by the link, so that while a “safe” link is shown in the status bar when the user hovers over the link, once the user actually clicks on the link the browser is sent to a completely different page. This page may be used by a hacker to steal sensitive data, such as the user’s banking login credentials, while the user remains unaware of the deception. The exploit requires only a few lines of simple JavaScript code.

Hameed has publicly disclosed this vulnerability, which the Open Source Vulnerability Database has catalogued as the “Mozilla Firefox (or Google Chrome) 'a' Tag JavaScript After Click Reference Manipulation Weakness”. To date, a fix has been produced for the Opera browser, but other browsers remain vulnerable to the exploit for the time being. Hameed has suggested that browsers should be enabled to warn the user if a link would take them to a different Internet domain on clicking compared to the domain indicated on hovering.

Briony Williams, a security consultant at information security firm commissum, explains: “This newly-discovered weakness highlights how important it is for users to remain alert when browsing the web, especially when about to enter sensitive data. It’s no longer enough to check the status of a link before clicking it. In fact, the safest procedure is not to click on any link that takes you to a sensitive website, such as a banking or credit card site, but simply to enter the URL manually in the address bar. That may require more work from the user, but it’s one area that hackers cannot manipulate.”

commissum (see http://www.commissum.com) is a specialist information security company based in Edinburgh, Scotland, with experience in penetration testing of infrastructure and web applications.

Martin Finch, the director of commissum, added: “This exploit is a worrying development. Until all browsers are updated to disable this exploit, users may be vulnerable to ‘phishing’
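The hover-versus-click check that Hameed suggests can be sketched as follows. This is an added example, not code from commissum, Hameed or any browser: it records the host a link shows on hover and compares it with the host the link points to when navigation is about to happen. The names hostOf and createLinkGuard are hypothetical, hosts are compared exactly (stricter than "same domain"), and the sample URLs are constructed.

```javascript
// Added example: hover-versus-click host comparison (hypothetical helper names).
// Uses only the standard URL class, so it runs in Node or in a browser.

// Return the host of an absolute URL, or null if it has none or cannot be parsed.
function hostOf(href) {
  try {
    // URL.hostname is already lower-cased; "" (e.g. javascript: URLs) becomes null.
    return new URL(href).hostname || null;
  } catch (e) {
    return null;
  }
}

// Remember what each link showed on hover and compare at navigation time.
function createLinkGuard() {
  const hovered = new WeakMap(); // link object -> host shown on hover

  return {
    // Call when the pointer enters the link (when the status bar shows the URL).
    onHover(link) {
      hovered.set(link, hostOf(link.href));
    },
    // Call just before navigation. Returns { allow, shown, actual }.
    onNavigate(link) {
      const actual = hostOf(link.href);
      if (!hovered.has(link)) {
        // Assumption: a link that was never hovered (keyboard or touch) is
        // allowed, because there is no displayed URL to compare against.
        return { allow: true, shown: null, actual };
      }
      const shown = hovered.get(link);
      // Warn if the host changed, or if either URL had no usable host.
      const allow = shown !== null && actual !== null && shown === actual;
      return { allow, shown, actual };
    },
  };
}

// Constructed sample: a plain object standing in for an <a> element whose
// target is different at navigation time from what was shown on hover.
function demo() {
  const guard = createLinkGuard();
  const link = { href: "https://www.bank.example/login" };
  guard.onHover(link);
  link.href = "https://login.other.example/"; // constructed changed target
  return guard.onNavigate(link);
}
```

In a real browser the comparison has to run after the page's own click handlers have finished, since the link target can still change while they execute.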