Related Research Articles
Dynamic HTML, or DHTML, is a term which was used by some browser vendors to describe the combination of HTML, style sheets and client-side scripts that enabled the creation of interactive and animated documents. The application of DHTML was introduced by Microsoft with the release of Internet Explorer 4 in 1997.
JavaScript, often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2023, 98.7% of websites use JavaScript on the client side for webpage behavior, often incorporating third-party libraries. All major web browsers have a dedicated JavaScript engine to execute the code on users' devices.
Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007. XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.
Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.
Pop-up ads or pop-ups are forms of online advertising on the World Wide Web. A pop-up is a graphical user interface (GUI) display area, usually a small window, that suddenly appears in the foreground of the visual interface. The pop-up window containing an advertisement is usually generated by JavaScript that uses cross-site scripting (XSS), sometimes with a secondary payload that uses Adobe Flash. They can also be generated by other vulnerabilities/security holes in browser security.
URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly, domain redirection or domain forwarding is when all pages in a URL domain are redirected to a different domain, as when wikipedia.com and wikipedia.net are automatically redirected to wikipedia.org.
Windows Internet Explorer 7 (IE7) is a web browser for Windows. It has been retired on all Windows versions except Windows Embedded Compact 2013. It was released by Microsoft on October 18, 2006, as the seventh version of Internet Explorer and the successor to Internet Explorer 6. Internet Explorer 7 is part of a long line of versions of Internet Explorer and was the first major update to the browser since 2001. It was the default browser in Windows Vista and Windows Server 2008, as well as Windows Embedded POSReady 2009, and can replace Internet Explorer 6 on Windows XP and Windows Server 2003, but unlike version 6, this version does not support Windows 2000, Windows ME, or earlier versions of Windows. It also does not support Windows 7, Windows Server 2008 R2 or later Windows Versions.
Meta refresh is a method of instructing a web browser to automatically refresh the current web page or frame after a given time interval, using an HTML meta element with the http-equiv parameter set to "refresh" and a content parameter giving the time interval in seconds. It is also possible to instruct the browser to fetch a different URL when the page is refreshed, by including the alternative URL in the content parameter. By setting the refresh time interval to zero, meta refresh can be used as a method of URL redirection.
3-D Secure is a protocol designed to be an additional security layer for online credit and debit card transactions. The name refers to the "three domains" which interact using the protocol: the merchant/acquirer domain, the issuer domain, and the interoperability domain.
This article details features of the Opera web browser.
Aza Raskin is the co-founder of the Center for Humane Technology and of the Earth Species Project. He is also a writer, entrepreneur, inventor, and interface designer. He is the son of Jef Raskin, a human–computer interface expert who was the initiator of the Macintosh project at Apple.
Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.
Firebug is a discontinued free and open-source web browser extension for Mozilla Firefox that facilitated the live debugging, editing, and monitoring of any website's CSS, HTML, DOM, XHR, and JavaScript.
Mozilla Firefox 2 is a version of Firefox, a web browser released on October 24, 2006 by the Mozilla Corporation.
Clickjacking is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages.
Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript fetch or XMLHttpRequests, for example, can all work without the user's interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account.
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.
SIGAINT was a Tor hidden service offering secure email services. According to its FAQ page, its web interface used SquirrelMail which does not rely on JavaScript. Passwords couldn't be recovered. Users received two addresses per inbox: one at sigaint.org for receiving clearnet emails and the other at its .onion address only for receiving emails sent from other Tor-enabled email services. Free accounts had 50 MB of storage space and expired after one year of inactivity. Upgraded accounts had access to POP3, IMAP, SMTP, larger size limits, full disk encryption, and never expired.
Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C). WebAuthn is a core component of the FIDO2 Project under the guidance of the FIDO Alliance. The goal of the project is to standardize an interface for authenticating users to web-based applications and services using public-key cryptography.
References
- ↑ Claburn, Thomas (2010-05-25). "Tabnapping attack makes phishing easy". Information Week. Retrieved 2012-02-19.
- ↑ "Aza Raskin's original tabnabbing disclosure". Azarask.in. 2010-05-25. Retrieved 2012-02-19.
- ↑ Christina Warren 164 (2010-05-25). "New Type of Phishing Attack Goes After Your Browser Tabs". Mashable.com. Retrieved 2012-02-19.
- ↑ Adler, Eitan (2010-05-30). "Eitan Adler's thoughts: Tabnabbing Without Javascript". Blog.eitanadler.com. Retrieved 2012-02-19.
- ↑ "NoScript 1.9.9.81 changelog announcing specific tabnapping protection". Noscript.net. Retrieved 2012-02-19.