Testing the recently popular authentication phishing on Open Source China (oschina)

Source: Internet
Author: User
Tags: http authentication

This issue has been very popular recently. Authentication phishing is made possible by allowing pages to reference network (off-site) images. Currently there is only one solution, which is to disallow references to network images. If any fellow developers think of a better solution, please share it, because the impact is huge: QQ, Baidu, Renren and other famous websites are affected. One open question is why Chrome pops up the prompt only when the current page is entered without a click; the experts can study that.

First, I need to find a place that can reference network images. In fact, it does not even have to be a proper reference: you just insert the image as img src="" and then refresh the page to see the effect. Because the specified image address requires HTTP authentication, an authentication prompt is triggered when the page is reopened. An unsuspecting user sees that it is about connecting to www.oschina.net and enters their user name and password for the website. After they click "OK", the password is sent to me, because I set up this phishing authentication.

Let's take a look at the effect. It seems that I have received someone's oschina username and password. Well, let me log in and post a message: this is a message I posted using the username and password I just received. I did this because I had contacted Sweet Potato before the test, but he had already gone to sleep, so I posted a message instead.

With the test successful, programmers noticed the situation and started a thread about it. It seems that programmers are quite alert, but it also shows that they lack security knowledge: they did not know that this was authentication phishing. The test ended there. The next day, after I contacted Sweet Potato to explain the matter, he pinned a post on the home page. It seems that he also realized the seriousness of the problem. After all, his website at least still lets this content be posted, so security awareness has basically been spread on oschina and my goal has been achieved. I personally think that starting with programmers is the best way. After that, the username-and-password test will be run on Qzone (QQ space) and Baidu Tieba (Post Bar).

Solution:

Sweet Potato is preparing to disallow direct references to off-site images. Sweet Potato is also welcome to popularize all kinds of security knowledge among programmers. Isn't that the goal of us white hats? Simply to eliminate security vulnerabilities.
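One way to enforce the off-site image rule from the solution above when a post is saved, as an added example (not code from the original article or from oschina). The allow-listed host, the function names and the sample post are assumptions made for the illustration, and the filter covers only img tags, not every tag that can load a remote resource.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host this site serves images from.
ALLOWED_IMAGE_HOSTS = {"www.oschina.net"}

def is_onsite_image(src, allowed=ALLOWED_IMAGE_HOSTS):
    """True for relative paths or http(s) URLs on an allow-listed host."""
    try:
        parts = urlsplit(src.strip())
    except ValueError:
        return False
    bad_scheme = parts.scheme not in ("", "http", "https")
    if "\\" in src or bad_scheme or parts.username or parts.password:
        return False  # "\" is read as "/" by browsers; no javascript:/data:/user:pw@
    if not parts.scheme and not parts.netloc:
        return True  # plain relative path, resolved against our own origin
    return (parts.hostname or "") in allowed  # also rejects //host and http:/host

class ImageFilter(HTMLParser):
    """Re-emits a post's HTML, replacing <img> tags that point off-site."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            # Check every src (browsers use the first duplicate); refuse srcset.
            bad = [v or "" for k, v in attrs
                   if k == "srcset" or (k == "src" and not is_onsite_image(v or ""))]
            if bad:
                self.blocked.extend(bad)
                self.out.append("[external image removed]")
                return
        self.out.append(self.get_starttag_text())
    handle_startendtag = handle_starttag  # <img ... /> takes the same path
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def filter_post_html(html_text):
    f = ImageFilter()
    f.feed(html_text)
    f.close()
    return "".join(f.out), f.blocked  # (filtered HTML, rejected image sources)
# Constructed sample post; example.net / example.org stand in for off-site hosts.
SAMPLE = ('<p>hi &amp; bye</p><img src="/img/logo.png">'
          '<img src="http://images.example.net/pic.jpg">'
          '<img src="//cdn.example.org/a.png" src="/img/ok.png"/>')
```

The rejected sources returned alongside the filtered HTML can be logged, which gives moderators a record of posts that tried to pull images from other hosts.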

 
