Results 1 to 5 of 5

Thread: Firefox spoof demonstration

  1. July 30th, 2004, 09:50 PM #1
    SDK
    SDK is offline
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Firefox spoot demonstration

    Link : http://www.nd.edu/~jsmith30/xul/test/spoof.html
    -Simon \"SDK\"
    Reply With Quote Reply With Quote
  2. July 31st, 2004, 09:31 AM #2
    slarty
    slarty is offline
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Is there anything that stops this from being done in IE?

    Probably not.

    The browser lets the page render pretty much anything. Ok, so in IE it would be harder because there is no XUL, you could still fake it with lots of images and Javascript.

    Slarty
    Reply With Quote Reply With Quote
  3. July 31st, 2004, 09:37 AM #3
    pooh sun tzu
    pooh sun tzu is offline
    Banned
    Join Date
    Jan 2004
    Posts
    881
    A huge give away to keep an eye out for is if it stops displaying the URLs as you hover over them in the status bar on the bottom. That, and if you are using windows it seems to still display the images for the window resize used in Gnome/KDE (bottom right)

    Nice hack though.
    Reply With Quote Reply With Quote
  4. July 31st, 2004, 11:02 AM #4
    thehorse13
    thehorse13 is offline
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    While this and other spoofs of the like are reasonably easy for IT people to spot, what makes them particularly disturbing is the tremedous amount of success they have against your typical end user. Whenever I see something like this, I typically look at it from the perspective of how likely my end users will be fooled.

    Thanks for the link.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
    Reply With Quote Reply With Quote
  5. July 31st, 2004, 01:20 PM #5
    pooh sun tzu
    pooh sun tzu is offline
    Banned
    Join Date
    Jan 2004
    Posts
    881

    how to prevent this

    The primary problem is that Javascript allows windows without controls to be displayed. So, let's defeat that (hail firefox configuration ability!):

    1. Put
    about:config
    in the address bar. note, remove the space that AO puts between about and : !!!

    2. And then in the second address bar (the search filter)put:
    dom.disable_window_
    A list of items should show up.

    Then change all those entries to the following values (or look up how to make a user.js file on Google):

    dont change this one!!
    dom.disable_window_flip = false
    change the rest below here
    dom.disable_window_move_resize = true
    dom.disable_window_open_feature.close = true
    dom.disable_window_open_feature.directories = true
    dom.disable_window_open_feature.location = true
    dom.disable_window_open_feature.menubar = true
    dom.disable_window_open_feature.minimizable = true
    dom.disable_window_open_feature.personalbar = true
    dom.disable_window_open_feature.resizable = true
    dom.disable_window_open_feature.scrollbars = true
    dom.disable_window_open_feature.status = true
    dom.disable_window_open_feature.titlebar = true
    dom.disable_window_open_feature.toolbar = true
    dom.disable_window_status_change = true
    Sure, the graphics are still there, but now you have TWO sets of toolbars (since we removed JS's ability to remove toolbars) and can easily smell something fishy.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules