* Michal Zalewski: > Similarly, he could spoof a native browser-originating modal warning or > dialog to have the user do something dumb. This problem was addressed by > forcibly prepending current site name to window title for all URL-bar-less > windows, so that the Internet origin of such a pop-up is clear, and so > that it will have a hard time mimicking a native window. This is the first time I read about the forced window title change. I hadn't noticed it earlier. Do you think this is a good enough security indicator (or indicator of origin, to be more precise)?
