Phishing by the data URI.
According to a report from TheRegister, Henning Klevjer, a student from Norway, has modified a somewhat old phishing technique (documented by Billy Rios and Nathan McFeters), which allows phishers to hide the entire malicious web page and transform it into a clickable link.
So what exactly is data URI? Known as the “Uniform Resource Identifier scheme”, it allows webmasters to include data in line in web pages as if they were external resources.
With the help of services like TinyURL, phisher can create a malicious page and shorten it to a length that can be easily passed by the email, Facebook or other social services.
However, while Google Chrome blocks redirection to data URIs and Internet Explorer did not load the exploited code, both Firefox and Opera were successfully compromised, according to Henning Klevjer.
Interestingly enough, such attacks are known for a long time and were used target Internet Explorer 6 and 7.
Head over to the source for more details.
About (Author Profile)
Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.