
October 23, 2007


Listed below are links to weblogs that reference Favorites Gone Wild:

Comments

kuza55

Firefox has similar functionality, namely the keywords property does the same thing.

Though on Firefox it's more useful since you can have URLs which look like http://www.google.com/search?q=%s so that you can do a search from the address bar.

But as you yourself said, it's pretty damn obvious when the address bar changes, you might be able to fool some users, true, but it really shouldn't be an issue - malware has better ways to attack users.

Shahar Sperling

Neat.
I wanted to mention that you might be overestimating a couple of things:
1) That your average J. Q. Surfer can keep track of the favorite links, and most won't notice a new entry. Try as I might, mine usually end up in a mess.
2) That the same average person looks at the address bar past the initial typing or can understand what goes on there. Or cares, for that matter.
I would agree that getting there's the hard part. However, if you could inject an "Add to Favorite" link (XSS of some sort?), most people would be completely oblivious to the fact they were compromised.
