Minerva Studio - Fotolia
There has been news lately about address bar spoofing vulnerabilities in a couple of different Web browsers. What is the issue behind these vulnerabilities? What are the best ways to prevent my websites from being spoofed and my employees from falling victim to such attacks?
While clearly a misuse of the setInterval method, the rapid reloading of a webpage every hundredth of a second causes most devices to lock up or the webpage to become unusable. Also, there is a consistent flicker in the address field. A far more viable address bar spoofing vulnerability is present in the Android Stock Browser. This browser fails to handle a 204 No Content response when combined with the window.open event; a 204 No Content error means the server successfully processed the request, but is not returning any content. There is a proof of concept that shows the URL of a legitimate site, but the content is hosted on a different domain. The Android security team already released a patch, but it is up to each telecom carrier to distribute it.
To prevent employees from being phished by such vulnerabilities, they should attend security trainings that cover these types of attack so users don't idly click on links from unknown sources.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Learn more about website spoofing and how to securely install your Web server OS and services
Check out the latest on Web security best practices from SearchSecurity
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading