Rafay Baloch, the world’s youngest ethical hacker, has once again made Pakistan proud. The IT security researcher has won $5,000 for finding a flaw in the way Chrome and Firefox display website addresses.
Chrome and Firefox were recently found to contain a flaw that can trick a user into visiting a spoofed site that appears to be legitimate. It was Rafay Baloch who identified the flaw, winning a combined bounty of $5,000.
Rafay Baloch is the richest ethical hacker from Pakistan. He was declared one of the renowned ethical hackers of 2014. CheckMarx, one of the world’s leading information security publications, featured Rafay in its list of top 5 ethical hackers. Rafay completed his studies at Bahria University Karachi. He came into the limelight at the age of just 21, when he exposed some serious flaws in Android’s stock AOSP browser. This incident took the world by storm, and Rafay Baloch was recognized as one of the influential ethical hackers of the world.
The genius has once again made headlines. This time, Rafay identified an address bar spoofing flaw in Chrome and Firefox. Writing in a blog post, Rafay explained that the flaw could be used to dupe users into supplying sensitive information and data to a malicious site. The user is easily tricked because the website appears to be legitimate in the browser’s address bar.
He explained the flaw using an example. For instance, 127.0.0.1/ا/http://example.com will appear in the browser bar as http://example.com/ا/127.0.0.1.
This means that a person who clicks on the link, which could be hidden in a spam email or tweet, would appear to be going to http://example.com, but the site would display content from the IP address.
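A defender-side check for links of the kind described above, as an added example that is not from Rafay's blog post or from either browser's code: it flags links that carry right-to-left characters after the host, and notes when the host is a bare IP address or another URL is embedded after it. The function name `bidi_findings` and the finding labels are assumptions made for illustration.

```python
import ipaddress
import re
import unicodedata
from urllib.parse import unquote, urlsplit

RTL_STRONG = {"R", "AL"}  # strong right-to-left classes (Hebrew, Arabic)
BIDI_CONTROLS = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}
HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")
EMBEDDED_URL = re.compile(r"https?://", re.IGNORECASE)


def bidi_findings(link):
    """Return the reasons a link may display misleadingly; [] if none."""
    if not HAS_SCHEME.match(link):
        link = "http://" + link  # assumption: bare links are treated as http
    parts = urlsplit(link)
    # Decode percent-escapes so an encoded RTL letter is seen as well.
    tail = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)
    classes = {unicodedata.bidirectional(ch) for ch in tail}

    findings = []
    if classes & RTL_STRONG:
        findings.append("rtl-char-after-host")
    if classes & BIDI_CONTROLS:
        findings.append("bidi-control-after-host")
    if not findings:
        return findings  # no direction change, so nothing gets reordered

    try:
        ipaddress.ip_address(parts.hostname or "")
        findings.append("ip-literal-host")
    except ValueError:
        pass
    if EMBEDDED_URL.search(tail):
        findings.append("embedded-url-after-host")
    return findings


# Constructed sample links; the first is the article's example.
SAMPLES = [
    "127.0.0.1/\u0627/http://example.com",
    "http://127.0.0.1/%D8%A7/http://example.com",
    "http://example.com/index.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), bidi_findings(sample))
```

A mail or chat gateway could run such a check on every link it extracts and warn on, or rewrite, any link that returns a non-empty list.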
Baloch further mentioned that the flaw would soon be fixed in Chrome 53 and Firefox 48.
Previously, Rafay was awarded $10,000 by PayPal. The online payment solutions firm also offered him a permanent job in recognition of his talent for finding many serious vulnerabilities that would otherwise have posed threats to the firm. Rafay Baloch has also published a book called “Ethical Hacking And Penetration Testing Guide.” He has participated in many other bug bounty programs and has helped many major companies with their online security.