Not two days ago i almost had that uncomfortable anxious feeling of having `hacked` a famous Belgian Online newspaper's toolbar. ( www.lesoir.be )
They have that "Add our Toolbar [with RSS etc..]" adie, i installed it and didn't like the overwhelming aspect of it, so i wisely uninstalled it and then, then!, i saw something prone to danger :
- i was redirected to a page ( lesoir.ourtoolbar.com/Default.aspx ) where i could customise my/their own toolbar ... cool..
For a moment i thought they had forgotten a security issue in the style of usename/password, they had NONE, and i customised their toolbar making it mine and making it redirect to RSS feeds and entries of searchengines and dynamic webpages of my own choice..
But no, the name of my/their toolbar had a new name and is fully functionable, it was not the newspaper's toolbar i modified but i fresh new one i made .. still all with the very URL lesoir.ourtoolbar.com !!
(when finished it redirected to mytoolbar.ourtoolbar.com, but still ...)
Just go to www.ourtoolbar.com and make your own ...
Do you copy ?? Do you all see the potential exploits one can make with such things ??
phishing, homepage hijacking and spam have yet another oportunity to spread
(( ask for directive in PM, it is freakiy !!)
Nothing happened : i didn't hacked anything and i hadn't f*cked up the newspaper's toolbar at all.
The idea though, how easiily one can fool people with that thrills me !
--
FrankB
