
Favicon, security hole

I find this exploit amusing for some reason. You're probably familiar with "favicons," the images web servers can deliver to some browsers so you can have a tiny logo (or whatever) instead of a generic bookmark graphic on your address bar or in your bookmarks. Normally they're really small, like 15 pixels square. Well, the folks at GreyMagic discovered that the Opera web browser could handle much wider graphics and that the graphic would cover up the URL in the address bar. This means a malicious web site could cover its hostname with a graphic displaying the URL of another site, say, "http://www.ebay.com." Here's the sample graphic from GreyMagic's site:

[Image: sample URL obscuring favicon]

I wish they had a screenshot of what this looked like in Opera; the demonstration page is only a demonstration if you have the browser. Opera has already issued a patch.
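The root of the problem is that the browser drew the icon at whatever size the file declared. As an added example (not code from this post, GreyMagic, or Opera), here is a check that reads the declared dimensions from an ICO, PNG or GIF header and flags anything that is not a small square. The post does not say which image format the demonstration used, so covering three formats is an assumption, as are the `MAX_SIDE` limit and the constructed sample bytes.

```python
import struct

MAX_SIDE = 64  # assumed policy limit in pixels, not a value from the post
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def icon_sizes(data: bytes) -> list:
    """Return every (width, height) declared in an ICO, PNG or GIF header."""
    # PNG: 8-byte signature, 4-byte chunk length, "IHDR", then big-endian w/h.
    if data[:8] == PNG_SIG and data[12:16] == b"IHDR" and len(data) >= 24:
        return [struct.unpack(">II", data[16:24])]
    # GIF: 6-byte signature, then little-endian 16-bit width and height.
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return [struct.unpack("<HH", data[6:10])]
    # ICO: reserved=0, type=1, image count, then one 16-byte entry per image.
    if len(data) >= 6:
        reserved, kind, count = struct.unpack("<HHH", data[:6])
        if reserved == 0 and kind == 1 and count > 0:
            sizes = []
            for i in range(count):
                entry = data[6 + 16 * i : 22 + 16 * i]
                if len(entry) < 16:
                    raise ValueError("truncated ICO directory")
                # One byte each for width and height; 0 encodes 256.
                sizes.append((entry[0] or 256, entry[1] or 256))
            return sizes
    raise ValueError("unrecognised icon format")

def is_suspicious(data: bytes, max_side: int = MAX_SIDE) -> bool:
    """True if any declared image is non-square, oversized, or unparseable."""
    try:
        sizes = icon_sizes(data)
    except ValueError:
        return True  # refuse to render what cannot be measured
    return any(w != h or w > max_side or h > max_side for w, h in sizes)

# Constructed samples (headers only, no pixel data): a 400x16 PNG banner of
# the kind that could cover an address bar, and an ordinary 16x16 ICO.
WIDE_PNG = (PNG_SIG + struct.pack(">I", 13) + b"IHDR"
            + struct.pack(">II", 400, 16) + b"\x08\x06\x00\x00\x00")
NORMAL_ICO = (struct.pack("<HHH", 0, 1, 1)
              + struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, 0, 22))

if __name__ == "__main__":
    for name, blob in (("wide png", WIDE_PNG), ("normal ico", NORMAL_ICO)):
        print(name, icon_sizes(blob), "suspicious:", is_suspicious(blob))
```

The check trusts the sizes the header declares; a renderer should still clamp the decoded image to its fixed icon slot, since a file can declare one size and carry another.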

Comments (1)

jay:

Found a full screenshot: http://www.infoguerra.com.br/infonews/fotos/golpes/opera_favico.jpg


About

This page contains a single entry from the blog posted on June 4, 2004 12:13 PM.
