by armchairhacker 1255 days ago
It's not really a big advantage over existing attacks.

You still need the user to be on a domain controlled by the attacker, so a user will be able to spot that e.g. they're not on their real bank website if they just look at the URL. And there are already attacks which emulate the entire look and feel of a real bank website and which you can only spot by the bad URL.

The key benefit of this approach is that you can put another website into your website like an iframe, and have full access to the website within your site (including e.g. reading and injecting JavaScript). But your site is still sandboxed, and users still have to be tricked into going to it in the first place. Then they need to be tricked into using the real website, inside the fake website, which at this point many people are smart enough to not do anyways.