|
|
|
|
|
|
by nkrisc
1275 days ago
|
|
|
Any URL on the web could host a browser exploit that requires no interaction beyond visiting, but if I had to guess which one were most likely to, I'd put phishing links up there. > You should trust that your browser is secure enough to render random webpages. I honestly don't. Is dangerous.link/virus.exe any more dangerous than nytimes.com? Probably not. However if some 0-day, no interaction browser exploit does exist, it's easier to put the exploit on the some lookalike phishing domain rather than additionally exploit some mainstream site. Of course I can't possibly know what URLs are "safe" to click on and which ones aren't, but I'm going to guess that URLs that look like they're intended for a phishing campaign are less likely to be safe than any other. If your blog is go0gle-com.net, and someone emails or messages it to me, I'm not clicking on it and deleting the message. Most often what happens is I click some sketchy looking link on my phone and it attempts to hijack the browser with popups and history modifications and whatever other shit they do to let me know my Android iPhone is infected and must be cleaned immediately. |
|
|
If you read through stuff like the security updates for new iOS version it becomes clear that this does exist at all times. Usually most of them are likely not even not found by attackers before they're fixed, but you can never be sure. Every browser has innumerable undiscovered vulnerabilities that at any time could be discovered and exploited by an attacker. Discovering this is hard and they don't show up all that often, but you never know, even some random ad could pwn you.