It might catch out Joe Sixpack

Story: Using the HTML5 Fullscreen API for Phishing AttacksTotal Replies: 1
Author Content

Oct 12, 2012
4:39 PM EDT
But for me when my KDE4 UI suddenly switches to Unity I would have to be blind and senile not to notice the difference.

This attack could be improved on by taking into consideration various Linux desktops a bit better but will probably be more effective against Windows users whom in my experience don't seem to change their desktop appearance by much but it will struggle against the plethora of different desktop UI's in the Linux arena, another plus in the security through diversity column. Not saying Linux users are immune to this its bound to catch out some but I suspect the percentage will be lower than Windows users simply due to commonness of the Windows desktop appearance.

But a Bank of America phishing site how apt crooked is, crooked does (


Oct 12, 2012
5:57 PM EDT
I noticed the same thing, KDE4 changing to Unity. However even if i had been using the netbook that had the Unity desktop on it, I would still have noticed something wrong, as my side panel was fixed, not set to Auto hide, and it's sudden disappearance would have alerted me to something suspicious. At the very least i would have gone searching for it rather than continue to surf the "banking site".

I checked my browser's (Firefox) User Agent string and it reports Ubuntu; Linux x86_64 (I'm running Linux Mint 13 KDE) so there is no way the malicious site can know what desktop I'm running.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!