A popular certification phishing test in open-source China

Source: Internet
Author: User
Tags http authentication

Recently, this is a very popular issue. Authentication phishing is caused by a problem of referencing network images. Currently, there is only one solution, that is, network images cannot be referenced, if you think of a better solution for developing kids shoes, you may want to share them, because it has a huge impact, including qq, Baidu, Renren, and other famous websites. However, why does chrome play only when it enters the current page without a click? Daniel can study it. First, I need to find a place that can reference network images. In fact, this is not a reference, you just need to insert the image as img src = "and then refresh the page to see the effect. Because the specified image address references an http authentication, a phishing authentication is triggered when the page is re-opened, A non-intrusive user finds that he wants to connect to www.oschina.net and enters the user name and password of the website. After clicking "OK", the password will be sent to me, this is because I did this phishing certification. Let's take a look at the effect. It seems that I have received the username and password of oschina, which has been replaced by someone, well, log in and send a message to see if this is a message I sent using the user name and password I just received, because I contacted sweet potato before the test, but he went to Zhou Gong, so send a message and then. Now that the test was successful, programmers found this situation and posted a post. It seems that programmers are still very sensitive, but it also shows that they lack security knowledge, I don't know if this is an authenticated phishing scam. The test ended. After I contacted sweet potato to clarify the matter the next day, sweet potato made a stick on the home page. It seems that he also realized the seriousness of the problem, after all, his website can still post at least the content, which is basically popularized in oschina in terms of security, and my goal has also been achieved, I personally think that starting with programmers is the best way. After that, the user name and password will be tested in the QQ space and Baidu Post Bar.Solution:

Sweet potato preparation cannot directly reference out-of-site images, and sweet potato is also welcome to popularize all kinds of security knowledge for programmers. Isn't that the goal of being unhats? Simply eliminate security vulnerabilities.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.