
This is just a PoC. Now imagine that the author instead:

1. Writes up that post.

2. Inserts an iframe in the post, which enumerates known sites (hidden out of view with CSS tricks).

3. Instead of alerting on screen, sends the results back to their server.

4. Submits to HN.




It's also REALLY easy to deliver that malicious site through web ads, especially background pops.



