Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGUWgD97nkCGns=1JSAH+StSYtTaHPoF6bm5n8WXk=dKoFzN_A@mail.gmail.com>
Date: Tue, 3 Dec 2019 07:54:54 +0200
From: Georgi Guninski <gguninski@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: virtual consoles

On Mon, Dec 2, 2019 at 7:13 PM Tavis Ormandy <taviso@...il.com> wrote:
>
> Hey List, we were discussing simple screen spoofing attacks today, and
> whether we consider it a vulnerability or just social engineering. For
> example, this paper on tricks Android malware can use to trick the user
> into granting permissions to the wrong app.
>

Precedence in mobile code:

1. This exists in Android 9, I had hard time exiting fullscreen
video player
2. Mozilla fixed similar bug about 15 years ago.
3. In 2001 internet exploder was remotely vulnerable and hitting
control-alt-del was not easy:

https://www.dslreports.com/forum/r1651258-Javascript-in-IE-may-spoof-the-whole-screen
http://www.guninski.com/popspoof.html

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.