Pakistani Hacker Awarded $5000 Finding Bug in Chrome and Fi
 
zeeshan





Pakistani programmer Rafay Baloch has won a combined bug bounty of $5,000 after finding a flaw in how browsers use their omnibox address bars.

He found a vulnerability in the way Chrome and Firefox render site addresses, and how an attacker could use it to trick users into visiting a phishing site.

In a blog post, he explained that the bug could be used to trick users into believing that the site they are visiting is the genuine one, leading them to reveal sensitive information, such as IDs and passwords, to the scammers.

All omnibox browsers could be used to trick users into phishing scams

Phishing attacks are those where the user is presented with a twin of the original site's page. The page has the same look and design and tricks the user into entering their login details and other critical information. Most of the time, however, the site address gives away the true nature of a phishing site, as it cannot be the same as the original site's.

Address bar spoofing in browsers works by using a right-to-left language, like Urdu, Arabic or Persian, and forcing the browser to render it in an unexpected way. Rafay stated that when a neutral right-to-left character (such as a forward slash or any other special character) is used, it can flip a web address to display it in the right-to-left direction.

For example, 127.0.0.1/ا/http://google.com would be displayed right to left as http://google.com/ا/127.0.0.1.

The user would think that they are visiting google.com. However, they would in fact be visiting the page at the IP address 127.0.0.1. Such links could be hidden in spam email, tweets or shortened links.

The bug is yet to be fixed by most browsers

According to Rafay Baloch, the upcoming versions Chrome 53 and Firefox 48 will fix this vulnerability. For now there isn't much information about other browsers or a timeline for their fixes for this vulnerability.
Thu Aug 18, 2016 11:14 am
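A link scanner or mail filter can flag links of the kind described in the post before a user ever sees them rendered. The Python check below is an added example, not code from the original post or from Rafay Baloch's write-up; the function name `inspect_url`, the result keys and all sample URLs except the post's own are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit, unquote

RTL_STRONG = {"R", "AL"}  # strong right-to-left classes (Hebrew, Arabic script)
BIDI_CONTROLS = {"RLE", "RLO", "LRE", "LRO", "PDF", "RLI", "LRI", "FSI", "PDI"}
HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")
EMBEDDED_URL = re.compile(r"https?://([^/?#\s]+)", re.IGNORECASE)


def inspect_url(url):
    """Report the host a link really loads and why its display may mislead."""
    if not HAS_SCHEME.match(url):
        url = "http://" + url  # the post's example is written without a scheme
    parts = urlsplit(url)
    real_host = (parts.hostname or "").lower()
    # Percent-decode: the address bar shows decoded text, so check that form.
    tail = unquote("?".join([parts.path, parts.query]) + "#" + parts.fragment)

    classes = {unicodedata.bidirectional(ch) for ch in tail}
    has_rtl = bool(classes & RTL_STRONG)
    has_controls = bool(classes & BIDI_CONTROLS)
    # Host names that appear after the real host, inside path/query/fragment.
    decoys = [h.lower() for h in EMBEDDED_URL.findall(tail)
              if h.lower() != real_host]
    return {
        "real_host": real_host,
        "rtl_in_tail": has_rtl,
        "bidi_controls": has_controls,
        "decoy_hosts": decoys,
        # RTL text alone is normal (e.g. Arabic paths); the risky pattern
        # is RTL text combined with a second, different host in the tail.
        "suspicious": (has_rtl or has_controls) and bool(decoys),
    }


if __name__ == "__main__":
    samples = [  # constructed samples; the first is the example from the post
        "127.0.0.1/\u0627/http://google.com",
        "http://192.0.2.10/%D8%A7/https://login.example.org/",
        "https://ar.wikipedia.org/wiki/\u0628\u0627\u0643\u0633\u062a\u0627\u0646",
        "https://www.google.com/search?q=test",
    ]
    for s in samples:
        print(ascii(s), inspect_url(s))
```

Showing `real_host` next to the link, rather than the rendered string, gives the user the address that will actually be loaded.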