[ISN] How script kiddies can hijack your browser to steal your password

From: InfoSec News <alerts_at_private>
Date: Mon, 3 Dec 2012 02:20:35 -0600 (CST)

By Dan Goodin
Ars Technica
Dec 2 2012

Be careful what you type on your computer while surfing the Web. It very 
well could be funneled to a script kiddie who has appropriated a handful 
of lines of code and inserted it into his site.

The hack has been possible for years, but two proofs of concept 
published this month graphically demonstrate just how easy it is for 
even savvy people to fall for it. Both demonstrations use JavaScript to 
hijack the search command found in all standard browsers. The script is 
activated when a user presses the ctrl+f or ⌘+f keys, causing whatever 
is typed after that to be sent to a server under the control of the 
website operator rather than to the browser's search box.

Proofs of concept here and here show how this method could be used to 
trick people into divulging their password or credit card number 
respectively. The pages pose as lists that catalog leaked user data and 
invite visitors to search it to see if their information is included.

To be sure, the demos are crude. The search bars that are opened are 
only a rough approximation of the search bars found in Google's Chrome 
browser. And of course, they look nothing like the search interfaces 
found in Internet Explorer, Firefox, or other browsers. But as security 
expert Bruce Schneier once noted, exploits only get better. There's 
nothing stopping a determined attacker from improving the hacks so they 
present an authentic-looking box that's customized for whatever browser 
and operating system an end user happens to be using. Other browser 
functions, such as the ctrl+s or ⌘+s save commands, could also be 
intercepted and replaced with a fake dialog box that instructs users to 
enter their administrator password.


Received on Mon Dec 03 2012 - 00:20:35 PST
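
The interception the article describes depends on a page script cancelling the browser's default action for ctrl+f or ⌘+f. The following is an added example, not part of the original article or its proofs of concept: a defensive guard that keeps those key events away from page scripts so the native find or save UI still opens. `protectShortcuts`, `isReservedShortcut` and `simulate` are hypothetical names, and the harness uses constructed events so it runs outside a browser.

```javascript
// Added example, not code from the article or its proofs of concept.
// Assumption: installed before any page script runs (for instance an extension
// content script at document start), so this listener is first in line.

// Shortcuts named in the article: find (f) and save (s), with Ctrl or Cmd.
const RESERVED_KEYS = new Set(['f', 's']);

function isReservedShortcut(ev) {
  const key = typeof ev.key === 'string' ? ev.key.toLowerCase() : '';
  // Ctrl+Alt is AltGr on many layouts and types text, so it is not treated as a shortcut.
  return Boolean(ev.ctrlKey || ev.metaKey) && !ev.altKey && RESERVED_KEYS.has(key);
}

// Hypothetical helper: shield reserved shortcuts on `target` (window in a browser).
function protectShortcuts(target, onShielded) {
  const handler = (ev) => {
    if (!isReservedShortcut(ev)) return;
    // Hide the event from later listeners, but never call preventDefault():
    // the browser's own find or save UI must still open.
    ev.stopImmediatePropagation();
    if (onShielded) onShielded(ev.key.toLowerCase());
  };
  target.addEventListener('keydown', handler, { capture: true });
  return () => target.removeEventListener('keydown', handler, { capture: true });
}

// Constructed test harness: a bare EventTarget stands in for window, and a plain
// Event with key fields copied on stands in for a real KeyboardEvent.
function simulate(keyProps, guarded) {
  const win = new EventTarget();
  const shielded = [];
  if (guarded) protectShortcuts(win, (k) => shielded.push(k));
  let pageSawKey = false;
  // Constructed stand-in for a page handler that cancels the native find bar.
  win.addEventListener('keydown', (ev) => {
    pageSawKey = true;
    if ((ev.ctrlKey || ev.metaKey) && ev.key.toLowerCase() === 'f') ev.preventDefault();
  });
  const ev = Object.assign(new Event('keydown', { cancelable: true }), keyProps);
  win.dispatchEvent(ev);
  return { nativeActionAllowed: !ev.defaultPrevented, pageSawKey, shielded };
}
```

The guard only keeps the real shortcut working. A page can still draw a lookalike search bar by itself, so the `onShielded` callback is best used to log which sites would otherwise have seen the shortcut.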
