There has been news lately about address bar spoofing vulnerabilities in a couple of different Web browsers. What is the issue behind these vulnerabilities? What are the best ways to prevent my websites from being spoofed and my employees from falling victim to such attacks?
While it is clearly a misuse of the setInterval method, reloading a webpage every hundredth of a second causes most devices to lock up or the page to become unusable, and the address field flickers constantly. A far more viable address bar spoofing vulnerability is present in the Android Stock Browser. This browser fails to handle a 204 No Content response correctly when it is combined with window.open; a 204 No Content status means the server successfully processed the request but is not returning any content. There is a proof of concept that shows the URL of a legitimate site in the address bar while the content is hosted on a different domain. The Android security team has already released a patch, but it is up to each telecom carrier to distribute it.
To prevent employees from being phished through such vulnerabilities, they should attend security training that covers these types of attack, so that users do not idly click on links from unknown sources.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)