...So, using such approach, an adversary would be able to capture high sensitive data with not much effort compared to standard methods. It wasn't necessary for the attacker to attract the victim to a fake website with doubtful SSL certificates or deploying local proxies to intercept web connections. Quite the opposite, the user is accessing original and legitimate websites and all the interactions are working properly while data is captured and leaked. In other words, this method may subvert many security layers the victim may have in place.
...it sounds strange to me Google Chrome allowing extensions access sensitive form fields, like passwords, without asking for an additional user's approval, as well as allowing an extension to silently and autonomously establish a connection to an external entity. Additionally, browser security features that could protect user from harmful extensions can be disabled through command line arguments as in this case. ...
This campaign infection vector is a phishing e-mail with links to photos supposedly from the weekend pretending to be sent through Whatsapp.
It seems that despite years of warnings, some people will still click on unknown attachments in emails.