Re: Firefox: about:blank is phisher's best friend
* Michal Zalewski:
> Similarly, he could spoof a native browser-originating modal warning or
> dialog to have the user do something dumb. This problem was addressed by
> forcibly prepending current site name to window title for all URL-bar-less
> windows, so that the Internet origin of such a pop-up is clear, and so
> that it will have a hard time mimicking a native window.
This is the first time I read about the forced window title change. I
hadn't noticed it earlier. Do you think this is a good enough
security indicator (or indicator of origin, to be more precise)?
討論串 (同標題文章)
完整討論串 (本文為第 4 之 5 篇):