[Chugalug] this ain't kosher:LinkedIn Accused of Hacking Customers' E-Mails To Slurp Up Contacts
jnylen at gmail.com
Sun Sep 22 19:50:55 UTC 2013
The easiest way I know of is to convince the owner of a domain to load a
script you control. Once you do that, technically all bets are off and you
can capture any interaction with that domain.
How many pages do you visit that have those Facebook like / Tweet / Google
+1 buttons on them? Yeah... I think those scripts are worth blocking.
On Sat, Sep 21, 2013 at 2:30 PM, William Roush
<william.roush at roushtech.net>wrote:
> I'll bite, how DO you gain control of a window you didn't spawn in
> I could see it being done with other technologies (ex: java applets?) or
> other exploits (XSS/CSRF), but I'd figure those would seem to be a lot
> easier to detect and we'd have evidence before this even came out.
> William Roush
> On 9/21/2013 2:03 PM, Mike Harrison wrote:
>> I'd like to know what they mean by that... cross-window, cross-domain
>>> exploits? Aren't those nearly impossible on any modern browser?
>> Not impossible, but I'm waiting for a better explaination of what really
>> happened. LinkedIn and other social media sites are often confusing to some
>> people, and they click [yes] and enter passwords without thought.
>> It might be as simple as morons that use the same password for email as
>> things like LinkedIn, Facebook..
>> Chugalug mailing list
>> Chugalug at chugalug.org
> Chugalug mailing list
> Chugalug at chugalug.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Chugalug