9 comments

[ 2411 ms ] story [ 1367 ms ] thread
Creating fake dialogue boxes and windows is nothing new, that has been around forever. Maybe using css to determine the os/browser and mimic each one’s style is the new concept. I’ll believe it when someone can show me a webpage that proves it live.
Anecdata, but I think this method is popular with Steam phishing sites. I have received a few links that mimicked the Steam web login prompt with a Windows window appareance.
This goes way back to the bad old days of 90s web popups that attempted to look like Windows dialogs.

Luckily for everyone the spammers couldn't resist the temptation to throw in a few brightly coloured police tape GIFs, radiation symbols, typos, bold fonts in about 6 sizes and otherwise generally spoil the illusion.

This is another reason I use a password manager. I will rarely ever manually type or paste my password anywhere.
My friend, who is the security-minded administrator of a somewhat huge public XMPP server, told me that he always disables Autofill/AutoType. He uses KeepAssXC and manually copy-pastes his details into forms. Said that he doesn't trust autofilling because of JavaScript exploits which would compromise his passwords. I don't recall if he mentioned it or not, but I'm pretty sure he also uses some utility that wipes his clipboard every so often (if KeepAssXC doesn't do that automatically)
This seems like it’s actually breaking his defenses when it comes specifically to phishing though since a fake site wouldn’t trigger autofill.
I'll definitely see the difference with my gtk theme lol
The article does provide a test to distinguish authentic login pages from ones spoofed via CSS:

>Genuine OAuth or payment windows are in fact separate browser instances that are distinct from the primary page. That means a user can resize them and move them anywhere on the monitor, including outside the primary window.

Using an uncommon browser with non-default settings on an uncommon OS makes me a good target for finger-printing. Seems this kind of stuff is the upside now, where I would easily spot the differences (probably, would also like to interact with a working example).