Hacker News new | past | comments | ask | show | jobs | submit login

It can be used to lead you to a page that exploits the browser, before you realize you're not on the expected site.

There are, most of the time, undisclosed zero day attacks in the wild, for most browsers and plugins.

I should add that I check the URL bar when I enter information, but not always when I browse casually. I always check the target of links, though, and this could trick me.

I wouldn't be surprised if some users never read the URL bar... people who can't tell a browser from a search engine, for example.




Anyone who can place JavaScript on a page can just redirect you to the malicious site without you needing to click anything.


Indeed, my bad.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: