1,285
edits
Changes
Jump to navigation
Jump to search
Line 33:
Line 33: − Are there any controls in place to mitigate this? Such as restricting the browser to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT)+ + +
→No URL entry box, URL spoofing
The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.
The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.
It is possible to escape the configured server; log in, click on search icon, click on help, a search via Google entry box is shown, and the Google search results can be navigated. There is no back button, so if you reach a page that has no links you must close help and open it again.
Should the browser be restricted to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:31, 26 May 2015 (EDT)
References:
References:
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://en.wikipedia.org/wiki/Spoofed_URL
* http://en.wikipedia.org/wiki/Spoofed_URL