Firefox, Opera Allow Phishing By Data URI Claims New Paper

Posted by Unknown on Monday September 3, 2012 @07:08PM from the but-it-said-it-was-a-cat-picture dept.

hypnosec writes "A student at the University of Oslo, Norway has claimed that Phishing attacks can be carried out through the use of URI and users of Firefox and Opera are vulnerable to such attacks. Malicious web pages can be stored into data URIs (Uniform Resource Identifiers) whereby an entire webpage's code can be stuffed into a string, which if clicked on will instruct the browser to unpack the payload and present it to the user in form of a page. This is where the whole thing gets a bit dangerous. In his paper, Phishing by data URI [PDF], Henning Klevjer has claimed that through his method he was able to successfully load the pages on Firefox and Opera. The method however failed on Google Chrome and Internet Explorer."

3 of 151 comments (clear)

Min score:

Reason:

Sort:

Chrome and IE by harryfeet · 2012-09-03 19:08 · Score: 0, Troll

I'm not surprised to see IE ranking well. It has grown to be one of the most secure browsers ever made. Only Chrome has something like IE. Internet Explorer has sandboxing and JIT hardening and all these things while Firefox and Opera have hardly anything (Firefox is actually the worst in this regard).
1. Re:Chrome and IE by harryfeet · 2012-09-03 20:18 · Score: 0, Troll
  
  ALERT! Don't mod up gl4ss in this thread. He is wrong. Both Chrome and IE do support data URLS. HE IS WRONG!
gusess what by Chrisq · 2012-09-03 19:50 · Score: 0, Troll

I'm not surprised to see IE ranking well.
I have a piece of shit in my toilet bowl that ranks just as well in this case. It too is incapable of opening data URLs