NoOp wrote:
On 08/12/2010 12:54 PM, Beverly Howard wrote:
>> proof of concept<<
I assumed (and hoped) that it was innocent, but, as it would work when
malicious, I got pulled off the page before I had time to read far
enough to get to the full explanation of what _was_ going to happen.
When I returned to the tab, there as the bogus page. imho, the user
should have been offered the option of experiencing the phish rather
than having it execute on the page reporting on the possibility. It was
pretty disturbing, albeit educational.
Beverly Howard
<quote>
Try it Out
You can try it out on this very website (it works in all major
browsers). Click away to another tab for at least five seconds. Flip to
another tab. Do whatever. Then come back to this tab.
</quote>
You switched away from the tab (either to a different tab, to check this
newsgroup, email, whatever). Try sitting on the tab without switching
away; you can read the entire article, go get coffee, do what you wish.
The code won't activate until you switch away from it; that's the actual
point the author is making.
I was still reading the page when, before my eyes, it changed!!
Daniel
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
