Simon Willison’s Weblog

Subscribe

Monday, 2nd June 2008

Scaring people with fullScreen. Unsurprisingly, you can work around the “Press Esc to exit full screen mode” message in Flash by distracting the user with lots of similar looking visual noise. This opens up opportunities for cunning phishing attacks that simulate the chrome of the entire operating system. EDIT: Comments point out that text entry via the keyboard is still disabled, limiting the damage somewhat.

# 10:18 pm / distraction, flash, fullscreen, phishing, security

2008 » June

MTWTFSS
      1
2345678
9101112131415
16171819202122
23242526272829
30