Hacker News new | past | comments | ask | show | jobs | submit login

This is smart but nothing new in the sense that people have used fake antivirus warnings, fake windows error messages, etc for years now to push you to click on some sort of buttons which would then lead you to a binary install with spyware.



Firefox's html warnings in the browser's content window seem to make this particularly easy, though.


Yeah, I'd like to see these warnings move out of the HTML space and into the chrome in some difficult to mimic fashion.


This is already happening for a long time. I remember some ad banners which looked like message boxes or download dialogs in Windows XP style.

(... which were easy to spot for me, because I'm using a completely different system)


You're right. But something like this would be harder to fake: http://www.mozilla.com/en-US/img/tignish/features/security-i...


Yes and no. Mozilla's a bit screwed on this front, because they use XUL to render their interface - and, critically, the browser can render XUL pages. I don't have FF installed on this machine, but you should still be able to check it out at http://www.faser.net/mab/remote.cfm to see a demo of the feature.

It's a pretty cool feature, but it means that on Firefox, attackers should be able to emulate basically any chrome they want to.


To demonstrate, go to chrome://browser/content/browser.xul in firefox


Remote XUL is disabled in Firefox 4.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: