Yet another usability attack: GIF+JAR from Luis Barriga on 2008-08-12 (public-wsc-wg@w3.org from August 2008)

From: Luis Barriga <luis.barriga@ericsson.com>
Date: Tue, 12 Aug 2008 10:32:56 +0200
To: <public-wsc-wg@w3.org>
Message-ID: <1C6A13C92F510849B72272A71F9F3BCB040B872E@esealmw105.eemea.ericsson.se>

"A photo that can steal your Facebook account"
http://www.computerworld.com/action/article.do?command=viewArticleBasic&
articleId=9111298
... Here's how an attack would work: A bad guy would create a profile on
a popular Web site -- Facebook, for example -- and upload his GIFAR
(GIF+JAR) as an image on the site. Then he'd trick a victim into
visiting a malicious Web site, which would tell the victim's browser to
go open the GIFAR. At that point, the applet would run in the browser,
providing the hacker access to the victim's Facebook account.

Received on Tuesday, 12 August 2008 08:42:34 UTC