There has been news lately about address bar spoofing vulnerabilities in a couple of different Web browsers. What...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is the issue behind these vulnerabilities? What are the best ways to prevent my websites from being spoofed and my employees from falling victim to such attacks?
While clearly a misuse of the setInterval method, the rapid reloading of a webpage every hundredth of a second causes most devices to lock up or the webpage to become unusable. Also, there is a consistent flicker in the address field. A far more viable address bar spoofing vulnerability is present in the Android Stock Browser. This browser fails to handle a 204 No Content response when combined with the window.open event; a 204 No Content error means the server successfully processed the request, but is not returning any content. There is a proof of concept that shows the URL of a legitimate site, but the content is hosted on a different domain. The Android security team already released a patch, but it is up to each telecom carrier to distribute it.
To prevent employees from being phished by such vulnerabilities, they should attend security trainings that cover these types of attack so users don't idly click on links from unknown sources.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Check out the latest on Web security best practices from SearchSecurity
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and ...continue reading
Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what ...continue reading
A recently discovered Android app permissions flaw can expose users to attacks. Michael Cobb explains what the risks are and how Android O security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.