
I mean, a website could display a crafty popup-appearing box and try to get you to type in your username and password. Not really sure how you can prevent that.

Vista used the “the background dims quite a bit” to try to deal with that.



I just told you how… it would show your special icon or phrase inside so you’d confirm it before you typed anything.

The phrase would be managed through a system screen, like a login screen.


Problem is most users will not care or understand it. Someone will spoof the dialog without the special icon or phrase and users would still enter the password.


Banks did this years ago, but a few surveys showed nobody actually checked for their key phrase or image.


Yeah. I think the key thing in my vulnerability is that it abused a legitimate OS prompt and had the consequences of that prompt be applied to something separate from what the prompt text itself said it would.



