Get a Pentest and security assessment of your IT network.

News

The curse of inverse strokejacking

A rogue site can put an unrelated, third-party web application in a hidden frame – and then, by offering some seemingly legitimate functionality, entice the user to type in a body of text. As the user is typing, the attacker is free to examine key codes from within the onkeydown handler – and when desired, momentarily move focus to said hidden frame, causing the actual onkeypress event to be routed there instead. The trick essentially permits arbitrary, attacker-controlled input to be synthesized on the targeted site.”]

Source: http://lcamtuf.blogspot.com/2010/06/curse-of-inverse-strokejacking.html

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Vulnerabilities In Alibaba threatens security of million users

News

Russian cybercriminal Roman Seleznev gets another prison sentence