Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. drak (drak@sn.1w6.org)'s status on Tuesday, 30-Apr-2019 10:23:08 EDT drak drak
    The inception bar: a new phishing method https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/
    In conversation Tuesday, 30-Apr-2019 10:23:08 EDT from sn.1w6.org permalink

    Attachments

    1. Invalid filename.
      The inception bar: a new phishing method
      from jameshfisher.com
      Welcome to HSBC, the world’s seventh-largest bank! Of course, the page you’re reading isn’t actually hosted on hsbc.com; it’s hosted on jameshfisher.com. But when you visit this page on Chrome for mobile and scroll a little way, the page is able to display itself as hsbc.com - and worse, the page is able to jail you in this fake browser! In this post I show how the attack works, then suggest some ways Chrome can fix this vulnerability, then finally show you how to get out if you’re still stuck here. But first, the proof:
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.