watching you watching us . .

Posts tagged “JavaScript”

Phishing Web-Based Email Services with HTML 5

Just came across a research paper from May 2011, thanks to Joe Sylve for the work.

“.. overview of a new technique that could be used for phishing web-based email services such as Google’s Gmail and Yahoo’s Mail ..”

Phishing Web-Based Email Services with HTML 5
Joe Sylve
Department of Computer Science, University of New Orleans, 11 May 2011
http://dl.dropbox.com/u/17627038/papers/html5phishing.pdf – last access 22 September 2011 – (Full article)

/cobramark3

Skype for iPhone and iPod Touch: iOS vulnerability allows compromising the device address book on receiving a text message, just add JavaScript

An exploit in Skype on an iPhone or iPod touch allows compromise of your device’s address book simply by the attacker sending you a chat message. When the exploit code in the message is run, the victim’s iPhone automatically makes a new connection to a server, grabs a larger payload, and executes it to upload the iPhone’s entire address book file to the server.

“.. Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Within minutes, you’ll have a fully-searchable copy of the victim’s address book.

.. failure by Skype to sanitize potentially dangerous JavaScript commands from the text that gets sent in chat messages ..

It’s already been 48 hours since this vulnerability was first documented, and the vulnerable app is still available in the iTunes Store. It will be interesting to see how long it takes Apple and Skype to close the gaping hole ..”

“Skype for iPhone makes stealing address books a snap”
Dan Goodin, Malware, The Register UK, 20 September 2011
http://www.theregister.co.uk/2011/09/20/skype_for_iphone_contact_theft/ – last access 21 September 2011 – ( Full Article )

/cobramark3