I agree that It's very unlikely that we would not catch it.
I know that change made my eyes jump immediately.
However, it's very likely that, given enough targets...
I am 100% confident that many of them will fall for it.
Keep in mind that this group is the group that responds to emails like
the
And you don't believe that people would think that's suspicious?
What part? The change of a URL that is not associated with the
repainting of window contents? I believe that they are very unlikely
to catch this after initially examining the URL, in absence of other
indicators (change in URL
2011/12/8 Michal Zalewski lcam...@coredump.cx:
What part? The change of a URL that is not associated with the
repainting of window contents? I believe that they are very unlikely
to catch this after initially examining the URL, in absence of other
indicators (change in URL length, page
Hello world,
Another whimsical browser proof-of-concept:
http://lcamtuf.coredump.cx/switch/
It seems that relatively few people realize that holding a JavaScript
handle to another window (either because we opened it, or because the
window was at some point displaying our content) allows the
Chrome shows this: http://pastebin.com/iNYAwkY4 in the address bar.
That's the intended effect.
/mz