On Fri, Sep 19, 2014, at 08:55 AM, Tom Ritter wrote: > The way I'd exploit it is by sending you a link via > email/txt/chatsecure when I think/hope you're on your phone with some > enticing subject like "Someone just dropped a ChatSecure 0day on > ExploitDB. That link would send you to a page with some nonsense text > that's really long for you to read through. Meanwhile I stuck a > couple of iframes hidden on the page that frame gmail, facebook, > whatever else is interesting. Anything you're logged in to would > allow full page extraction - all your emails, facebook info, etc etc. > Add with some crawling through the html and you could extract > near-limitless information so long as the victim kept the page open.
Ah, right, thanks. Glad to have devious, criminal minded friends like you around, Tom! _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
