Phishing risk when hosting HTML files

Open joeitu opened this issue 3 years ago • 1 comments

Hello,

Not sure if this is the correct place to create the issue, but today on https://solidcommunity.net I created an account called "password-recovery" and was able to create this: https://password-recovery.solidcommunity.net/

I can imagine a scenario where an attacker would grab email addresses from solidcommunity.net users (by scraping their WebID document, for example) and then send them a phishing email: "All solid community accounts have been compromised, please reset your password on https://password-recovery.solidcommunity.net/"

Of course, solidcommunity.net offers no warranty on security, as it is principally a place of experimentation. But I wonder if in the future it would be possible to both allow hosting webpages and prevent phishing attacks. Maybe a stronger blacklist? A moderation system, where permission needs to be requested to host a webpage?

joeitu avatar Mar 16 '22 13:03 joeitu
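
The "stronger blacklist" idea from the post above, sketched as a registration-time check on the requested pod name. This is an added example, not code from node-solid-server or solidcommunity.net; the word list and the names `canonicalize` and `checkPodName` are assumptions made for illustration.

```javascript
'use strict';

// Assumed word list: tokens that suggest an official account or a security
// function. A real deployment would tune this to its own service.
const RESERVED_TOKENS = [
  'password', 'passwd', 'recovery', 'recover', 'reset', 'login', 'signin',
  'account', 'security', 'secure', 'support', 'helpdesk', 'admin', 'verify',
  'official', 'billing', 'webmaster', 'postmaster',
];

// Common digit/symbol substitutions folded back to letters before matching.
// '1' is ambiguous (i or l); it is folded to 'i' here as a simplification.
const LOOKALIKES = { '0': 'o', '1': 'i', '3': 'e', '4': 'a', '5': 's', '7': 't', '@': 'a', '$': 's' };

// Reduce a requested name to a canonical form: Unicode-normalised, lowercase,
// look-alikes folded, separators and remaining non-letters removed.
function canonicalize(name) {
  return name
    .normalize('NFKC')
    .toLowerCase()
    .replace(/[013457@$]/g, (c) => LOOKALIKES[c])
    .replace(/[^a-z]/g, '');
}

// Decide whether a requested pod name may be registered as a subdomain.
function checkPodName(name) {
  // Accept only plain ASCII DNS labels; this also rejects non-ASCII homoglyphs.
  if (!/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i.test(name)) {
    return { allowed: false, reason: 'not a plain DNS label' };
  }
  // Punycode labels would render as arbitrary Unicode in the address bar.
  if (name.toLowerCase().startsWith('xn--')) {
    return { allowed: false, reason: 'punycode label' };
  }
  const canon = canonicalize(name);
  const hit = RESERVED_TOKENS.find((t) => canon.includes(t));
  return hit
    ? { allowed: false, reason: `contains reserved word "${hit}"` }
    : { allowed: true, reason: null };
}
```

Substring matching over-blocks (a name such as "badminton" contains "admin"), so a rejected name could be routed to the moderation step the post also suggests instead of being refused outright.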

Related issue for NSS: https://github.com/nodeSolidServer/node-solid-server/issues/1356

Otto-AA avatar Aug 16 '23 15:08 Otto-AA