Do you think you are safe? Discover the power of relocation
This is not going to be a tutorial like the others I've done,
Here I won't teach you how to code a new application nor which is the best software to cook a pie.
Today I'll write about security:
A little Preface:
I have had lots of friends and colleagues that were never worried about protecting and guarantee the security of their computers and data.
From the otherside, I've had friends that used to have installed two, three or even more software like antivirus, ad blocker, and tools to maintain their files safe with the only result to have software in conflict one another and a slower computer than ever.
Last week my boss showed me a post written by Ben Halpern a New York City developer, founder of The Practical Developer, that really made me think about how much time I spend looking for the non plus ultra software that transform my mechanic friend into a shield and then find out how easy it's to break into websites, even the most popular and well developed.
One of the firsts html tag to learn is the
This command opens the linked document in a new window or tab, but only a few people (and I was one of them until a couple of days ago) knows that thepage, we're linking to gain partial access to the linking page via the window. opener object.
Imagine to click on links, pictures or whatever and be redirected to some other page that contain the actual content.
It is as easy assaying, just need to add this to the code of the second page
window.opener.location = 'https://fake-facebook-page.com/phishing.php';
How to fix it
It is almost unbelievable how popular is this tag and how easy is to create problem with that,
But is also easy to fix infact to put the website in secure the only code to add is the:
var newWnd = window.open();
newWnd.opener = null;
If you think this will never happen to you, I suggest to come back to the Facebook page in which you clicked and discover the surprise I made for you.
(If you didn't arrive from my Facebook post here is the link to try).