Hacker News new | past | comments | ask | show | jobs | submit login

I just tried this on Chrome 60.0.3112.90. Both Firefox and Safari throw phishing warnings with these URLs.

http://news.ycombinator.com@1572395042 Chrome takes me to 93.184.216.34 no warning

Then I tried http://security.wellsfargo.com@customerLoginv=ar3351RandomDa...

Which stretches way past my laptops viewable URL bar... and it takes me right to badsite.null (or a valid site like example.com). If you need HTTPs you can redirect on badsite.null's web server. Very wild.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: