Phishing Attacks Using the HTML5 Fullscreen API

Feross Aboukhadijeh (developer of www.ytinstant.com) was developed a Phishing  concept using HTML 5 FullScreen Api. 

Credit: http://feross.org

 

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. (http://en.wikipedia.org/wiki/Phishing)

                                    

Many of the people associate phishing via e-mail  that mimic , banks, credit card companies. These messages look authentic and attempt to get victims personal information.

HTML 5 Full Screen API- 

 The HTML 5 Full screen API  allows  developers show web content that fills  the user’s screen completely. eg: watch a fullscreen video on YouTube.

Feross explain how this  API can works, by  hide the interface elements of the users' browser.

Most of the browsers have  user-triggerable full-screen functionality . The HTML5 Fullscreen API is differ from this. this  allows the web developer to access the  same functionality ,  trigger it programmatically. 

Eg : elementToMakeFullscreen.requestFullScreen();

Developer can trigger full screen when user clicks on a link or button .

Eg: Trigger Full screen using Jquery

$('#button').on('click', function() {
  var doc = document.documentElement;
  if (doc.requestFullscreen) {
    doc.requestFullscreen();
  }
});

Browser Notification.

Apple's Safari browser, version 6.01 and later no sign ( little ) that full-screen  activated or not. 
Google Chrome, version 22 and later some notice.

Mozilla Firefox, version 10 and later, alerts the user with a conspicuous notification.

 

Phishing Using FullScreen Api

Look at the link given bellow
kerala-techies.blogspot.com

The user can check  the link , will show www.kerala-techies.blogspot.com , as expected its good but when you click on the link  the developer (hacker) can call event.preventDefault() to prevent the default action ie  navigating to the link and able to trigger  fullscreen,  and mimic the browser , OS  and go to the fake page . This fake page look like same as the original with a green padlock for HTTPS.

Credit: http://feross.org

$('html').on('click keypress', 'a', function(event) {

  // Prevent navigation to legit link
  event.preventDefault();
  event.stopPropagation();

  // Trigger fullscreen
 

  // Show fake OS and browser UI
  $('#menu, #browser').show();

  // Show fake target site
  $('#target-site').show();
});

Full Source Code

Credit: http://feross.org
DEMO

 

The content of - Phishing Attacks Using the HTML5 Fullscreen API in Kerala Techies  has taken from Various Sources  and Analysis of our Team. This Information given by Kerala Techies.

Read More

How to download torrent anonymously

How to download torrents safely

Before one month  AGENTJADOO an Anti Piracy Agent developed by Jadootech Solutions Pvt Ltd. They said that they track ip address and details of the persons who downloaded the torrents.

 Now torent downloaders in searching to make their torrent downloading anonymous , there are many methods to make a user anonymous such as use of VPN ,bt guard, seedbox to hide some one’s ip address but here is new one called anomos. Anomos is a pseudonymous, encrypted multi-peer-to-peer file distribution protocol.we know that transfer of data takes place in BitTorrent is by peer exchange.here the anomos make advantage of this peer procees in BitTorrent with onion routing anonymization and end to end encryption.by using this approach no one can know about the peers and what they are downloading. Anomos use a format known as atorrent so transfer rate is much slower than normal bittorrent downloading and this is not compatiable with all normal torrent format

The content of -How to download torrent anonymously in Kerala Techies  has taken from Various Sources  and Analysis of our Team. This Information given by Kerala Techies.

Read More

Bad Piggies - From the creators of Angry Birds

Bad Piggies -Flying Piggies - From the creators of Angry Birds

 From the creators of Angry Birds -(Rovio) latest game released - Bad Piggies. This is very interesting and funny puzzle game .

 Story

The Bad Piggies   at last found a map to the birds eggs, but unfortunately  now that maps parts are  in different parts of  Piggy Island. the King Pig give order to his subordinate to find and recover the map ,even from the the bottom of a cave or top of a mountain.

Now available only  in 

Google Play 

 App Store

 PC 

Mac download

But it has not yet made  Chrome application. this piggies  set a new record - top of the charts within  three hours after release.

FAKE BAD PIGGIES

The Rovio not publish any Google chrome version of bad piggies. now hackers added fake bad piggies to  Chrome Web Store  with  a phishing plug-in that may   injected an unwanted adware program into Chrome browsers.The lack of a free online version. Just few days after the game launched,we can  found seven free versions of the games in the Google Chrome web store(at the time of writing).

scientist from  Barracuda Networks finds that all these games are  distributed by the  playook.info. After the  installation, the fake games insert their own advertisements into  websites.

Read More

is ATM Machines secure???

            Some researchers in cambridge university found that the chip and PIN system employed in ATM Machines are also vulnerable to attack. A fault in the EMV protocol used in Point Of Sale (POS) terminals and Automated Teller Machine (ATMs), for authenticating credit and debit card transactions allows attackers to make fake transitions. EMV protocol is a joint venture of Europay, MasterCard and Visa to ensure security and global interoperability so that Visa and MasterCard cards can continue to be accepted everywhere.researchers make advantage of the poor encryption standards used in ATM Machines.Using the EMV protocol, atm machines and similar devices generate  a unique number for the transaction Here the researchers found a fault in the software which make the unique number in the machines and they prove that one can predict the random number generated for transactions.simply any one  who stolen your ATM Card can make transactions using your card.

Read Full research paper Click here 

Read More

Alert From Microsoft to all Internet Explorer Users

IE vulnerability

Microsoft has advised all   Windows users to install a free security software(Click here to Download) to protect their PCs from a newly discovered vulnerability in its Internet Explorer browser.

a researcher in Luxemburg, discovered it on Friday after finding his computer infected by the Poison Ivy Trojan, used by hackers to gain remote access to their victims' computers to steal data.Poison Ivy exploits a “use-after-free vulnerability” in IE that enables a hacker to create an image URL referencing uninitialized memory. This corrupts the memory and once completely executed gives the attacker remote access with the same permissions as the current user.

Read More