Safari dialog box spoofing security advisory

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Oct 21, 2004.

  1. macrumors bot

    Joined:
    Jul 5, 2003
    #1
  2. macrumors 6502a

    aarond12

    Joined:
    May 20, 2002
    Location:
    Dallas, TX USA
    #2
    Ho hum...

    Yawn. What are they trying to prove again? Am I missing something, or is this just basic Javascript that could be used to "spoof" any browser?

    -Aaron-
     
  3. macrumors newbie

    Joined:
    Nov 24, 2003
    Location:
    Canada
    #3
    yup

    Does what it says in WindowsXPsp2 with Firefox!!

    and...
     
  4. Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    Whakatane, New Zealand
    #4
    You'd better upgrade then, Firefox has been patched already.

    Edit: Well, that's what I'd heard, but I have the latest patches and it still seems to be 'susceptible' :confused:
     
  5. macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #5
    It's really more of an interface problem than anything. The dialog boxes don't identify the window or tab that own them.

    Some of the related problems found in other browsers are considerably worse, because there's no visible indication of anything unusual happening at all; e.g. keystrokes can be captured.
     
  6. macrumors 6502

    Joined:
    Jun 5, 2003
    #6
    Funny; In Camino this only works in tabs and not with a new window.
     
  7. macrumors newbie

    Joined:
    Jan 14, 2003
    #7
    IE 6 on Win XP is effected as well...

    Again, yawn...
     
  8. macrumors 6502

    nsb3000

    Joined:
    Jun 17, 2003
    Location:
    Boston, MA
    #8

    How often do you really enter info into a Popup anyway. I feel like these security companies are just out on a fishing expedition...


    -Nathaniel
     
  9. macrumors 68020

    mainstreetmark

    Joined:
    May 7, 2003
    Location:
    Saint Augustine, FL
    #9
    This is retarded. Questionable websites can pop a javascript box?

    So, first, I have to go to a questionable website and leave it open. Then, I have to go directly to a reputable website in another window. Then the first window pops a dialog in hopes that the stupid user will think it's from the new website?

    This is hardly an exploit. Spoof websites are much more dangerous than this.
     
  10. macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #10
    Yep, now consider how easy it would be to confuse one of those with a standard login dialog. This won't catch too many experienced users, but there is no shortage of inexperienced and otherwise nontechnical users using the Mac platform.
     
  11. macrumors 68000

    musicpyrite

    Joined:
    Jan 6, 2004
    Location:
    Cape Cod
    #11
  12. macrumors 6502

    Joined:
    Mar 1, 2002
    Location:
    South Australia
    #12
    When the Dialogue box pops up, it switches back to the Secunia tab, so I don't see the problem.
     
  13. macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #13
    Minor, yes, Worth fixing? Sure.
     
  14. macrumors 6502a

    macridah

    Joined:
    Feb 18, 2004
    Location:
    Nor-Cal
    #14
    I don't think i would fall for that trick cause i only go through my bookmarks for sites like that, but I would definitely patch that flaw.
     
  15. macrumors regular

    Joined:
    Jun 17, 2003
    Location:
    Calgary, Alberta
    #15
    Funny how this spoof advisory has appeared now. Did no one figure out that this *could* happen back in the days Netscape still ruled the web?

    It's not that hard to do, and what I find annoying about Secunia is that it is presented as if it's a brand new flaw. It's not. It's just finally pointed out. So good on them for doing that.
     
  16. macrumors member

    Joined:
    Oct 1, 2003
    Location:
    Atlanta, GA
    #16
    \/\/hatever

    Secunia fails to report that this effects many other browsers too.

    Isn't this the same company that MS paid to do research and report that Windows is just as secure as Linux and Mac? They are reaching for anything they can to try and cast doubt on the Mac platform.
     
  17. macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #17

Share This Page