Full Disclosure mailing list archives
Re: Geolocation spoofing and other UI woes
From: Christian Sciberras <uuf6429 () gmail com>
Date: Fri, 27 Aug 2010 14:42:04 +0200
Pavel, did you actually check out the PoC? It actually invalidates your idea as well! These UI issues remind me of how MSIE made the security UI work for ActiveX, where you get a topbar as well, but clicking it would shown up a popup instead of allowing the activex. As far as my mind goes, one can't exploit this since there is the concept of requiring at least two clicks; if the first one was misinformed, the second one surely can't be, besides, showing yet another overlay popup would (should?) invalidate/hide the previous popup menu. In reply to lcamtuf, the usability issues are crap, really. What is so difficult in implementing a menu? The menu might have items saying "don't ask again for this site" or "always allow for this site". Cheers, Chris. (dumb antihtml settings) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Geolocation spoofing and other UI woes Michal Zalewski (Aug 17)
- Re: Geolocation spoofing and other UI woes Michal Zalewski (Aug 17)
- Re: Geolocation spoofing and other UI woes Pavel Machek (Aug 27)
- Re: Geolocation spoofing and other UI woes Christian Sciberras (Aug 27)
- Re: Geolocation spoofing and other UI woes Christian Sciberras (Aug 27)
- Re: Geolocation spoofing and other UI woes Christian Sciberras (Aug 27)