I have added SpoofStick (http://www.corestreet.com/spoofstick/) to both IE and Firefox. With the Firefox spoof shown on the cited page, SpoofStick gets moved and shows blank for "You're On". Not an outstanding warning, but useful if you are watching. Thomas T. Evans, III CCNA Senior Network Manager Hawk Corporation ttevans@xxxxxxxxxxxx 216-267-7787 Ext. 500 Cell: 440-669-2526 Fax: 917-464-7241 President, MFG/Pro Midwest User Group "The difference between genius and stupidity is that genius has limits" --Albert Einstein -----Original Message----- From: Marc [mailto:md@xxxxxxxxxxx] Sent: Saturday, July 31, 2004 7:16 AM To: bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: New possible scam method : forged websites using XUL (Firefox) The latest version of Firefox is 0.9.2. > The developers of Mozilla are currently looking into various > methods to make a fake user interface more obvious. The most > likely solution will be to force the status bar to always be > visible, as Microsoft will do with IE6 SP2. This appears to be the case with 0.9.2. The spoofed PayPal site (from http://www.nd.edu/~jsmith30/xul/test/spoof.html) cannot hide FireFox's status bar - so you get 2 status bars displayed. Even so, the site is incredibly convincing, and I suspect the average user would be understandably fooled. Since the CERT recommendation, Mozilla browsers are gaining ground. Firefox is now the browser of choice throughout the company I work for. I suspect the best defence will be to block all xul on the proxy. Marc Deglos. ----- Original Message ----- From: "David Ahmad" <da@xxxxxxxxxxxxxxxxx> To: <bugtraq@xxxxxxxxxxxxxxxxx> Sent: Friday, July 30, 2004 10:05 PM Subject: Fwd: New possible scam method : forged websites using XUL (Firefox)
