Phishing for Opera (GM#007-OP)
From: GreyMagic Software (security_at_GREYMAGIC.COM)
Date: 06/03/04
- Previous message: Ken Schaefer: "Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Jun 2004 15:53:59 +0200 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
GreyMagic Security Advisory GM#007-OP
=====================================
By GreyMagic Software, 03 Jun 2004.
Available in HTML format at
http://security.greymagic.com/security/advisories/gm007-op/.
Topic: Phishing for Opera.
Discovery date: 16 May 2004.
Affected applications:
======================
Opera 7.50 and prior.
Introduction:
=============
Most browsers today implement a "Shortcut Icon" (favicon) feature. This
feature gives web-sites the option to add a small icon to the address bar
and/or favorites.
Opera also implements this feature. However, unlike other browsers, Opera
allows the use of icons that may be large in width.
Discussion:
===========
It is possible to use this feature in Opera to fool users into believing
that they are in a domain they trust (their bank, web-mail, etc) while
serving and receiving content in a hostile domain. Thereby enabling identity
theft, credit card scams and more.
This can be done by creating an icon that contains the text of the desired
site, which would be similar in appearance to the way Opera shows addresses
in the address bar.
This alone, however, is not enough, as it will cause the real address to
appear to the right of the fake address. Unfortunately, this too can be
circumvented by tricking Opera into showing the right-hand side of the
attacking URL, while filling that side with spaces.
The result is a very convincing fake address appearing in the address bar.
Exploit:
========
Create an image that looks like an address in Opera's address bar and use
the following element to include it in a page:
<link rel="shortcut icon" href="linkToFakeAddress.gif">
Demonstration:
==============
A proof-of-concept demonstration of this issue is available at
http://security.greymagic.com/security/advisories/gm007-op/.
Solution:
=========
GreyMagic informed Opera of the vulnerability on 19-May-2004. A new version
(7.51) was released on 03-Jun-2004 to address this problem.
Tested on:
==========
Opera 7.23.
Opera 7.50.
Disclaimer:
===========
The information in this advisory and any of its demonstrations is provided
"as is" without warranty of any kind.
GreyMagic Software is not liable for any direct or indirect damages caused
as a result of using the information or demonstrations provided in any part
of this advisory.
- Copyright © 2004 GreyMagic Software.
-----
Patch Automation v6.0 by Mobile Automation, Inc. allows you to quickly
identify and fix all PC's that are exposed to the Sasser worm! Our
solution provides quick and seamless discovery and deployment of all your
PC computer's Microsoft security patching needs. Regardless of where
you're PC's reside (inside the LAN, at home or on the road), Patch
Automation gets the job done. Contact us to learn about our free 30-day
trial version at 800-344-1150 or visit our website at
<http://www.patchautomation.com>
-----
- Previous message: Ken Schaefer: "Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
