Created in early 2004, UNEASYsilence aims to deliver daily coverage of offbeat & generally geeky news.


Beware the Fake FireFox Authorization Window

Posted in Privacy by Dan at 12:59 pm


These crafty hackers just won’t quit, will they? The latest ploy hackers are trying is to deceive users into thinking they are logging into a secure website, so that they give up their login credentials.

Mozilla Firefox displays an authentication dialog whenever the visited web server returns a 401 status code and the “WWW-Authenticate” header. To specify basic authentication, the “WWW-Authenticate” header should have the value [Basic realm="XXX"] (without the brackets). The Realm value, which in this case is XXX, will be displayed in the authentication dialog window.
While Firefox does not display the characters in the “WWW-Authenticate” header Realm value after the last double-quotes (”), it fails to sanitize single-quotes (’) and spaces. This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted web site.
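
A defender-side check for the behaviour described above, as an added example that is not from the original post or from Mozilla: it parses a Basic challenge and flags realm values containing single quotes, padding whitespace, or a hostname other than the server that sent the 401. The function names, heuristics and sample headers are assumptions constructed for illustration.

```python
import re

# Matches a Basic challenge and captures the double-quoted realm value.
_BASIC_REALM = re.compile(r'^\s*Basic\s+realm="([^"]*)"', re.IGNORECASE)
# Rough hostname pattern: dot-separated labels ending in an alphabetic TLD.
_HOSTNAME = re.compile(r'\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b', re.IGNORECASE)


def extract_realm(header_value):
    """Return the realm of a Basic challenge, or None if it is not one."""
    m = _BASIC_REALM.match(header_value)
    return m.group(1) if m else None


def audit_realm(header_value, serving_host):
    """List reasons the realm could mislead a user reading the dialog."""
    realm = extract_realm(header_value)
    if realm is None:
        return []
    findings = []
    # Single quotes (ASCII or typographic) are the unsanitized character
    # named in the post.
    if "'" in realm or "\u2019" in realm:
        findings.append("single quote in realm")
    # Runs of spaces, or leading/trailing spaces, are the other one.
    if re.search(r"\s{2,}", realm) or realm != realm.strip():
        findings.append("padding whitespace in realm")
    # A realm that names a different host than the one answering is the
    # core of the deception: the dialog text and the real origin disagree.
    for host in _HOSTNAME.findall(realm):
        if host.lower() != serving_host.lower():
            findings.append("realm names another host: " + host.lower())
    return findings


# Constructed sample challenges (not captured traffic).
SAMPLES = [
    ("files.example.net", 'Basic realm="Staff file share"'),
    ("files.example.net", 'Basic realm="mail.example.com\' requires sign-in   "'),
]

if __name__ == "__main__":
    for host, header in SAMPLES:
        print(host, audit_realm(header, host) or "ok")
```

Run over proxy or web-server logs that record response headers, this flags 401 responses whose realm text disagrees with the host that actually issued the challenge.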

You just have to be sooooo aware on the internet these days because it is getting harder and harder to tell what is legitimate and what is fake.


2 Responses to “Beware the Fake FireFox Authorization Window”

  1. Ian says:

    It’s a misnomer to use the term hacker in this case. This sounds more like a complicated phishing scheme to me.

  2. Asab says:

    Firefox, not FireFox
