Don't Hit That Back Button
Saint Aardvark writes: "From the Bugtraq mailing list comes this warning: 'Using the Back Button in IE is dangerous'. When hitting the back button, JavaScript links will be executed in the security zone of the last URL viewed. Proof-of-concept included in the warning will execute minesweeper or read your Google cookies."
Using open source software is harmful as well; pressing any button is likely to cause it to segfault.
Microsoft seems to really be taking it in the shorts of late -- you can't help but feel a little sympathy watching the pathetic Benny-Hill skit that is their attempt at "trustworthy computing". Feels like the blonde's lost her dress and an angry mob is chasing Gates through the streets of London in double-time. Even hindsight makes it seem that much more pathetic.
This is one of the most beautiful bugs I've ever seen - Microsoft is clearly an innovator in bringing ever-more-advanced, aesthetically-pleasing bugs to customers.
Seriously though... there is a true elegance to this vulnerability that one rarely sees in the usual passel of buffer overflows, etc.
This bug combines a canonical and visceral piece of browser functionality (back-button) with a conceptually and technically advanced, as well as invisibly-controlled piece of browser functionality (site-specific browser security settings). What wonderful juxtaposition!
C'mon! At least this is far better than the usual "ironic" bugs that come up (i.e. default passwords in a security program - har-de-har-snore).
'Using the Back Button in IE is dangerous'.
That was supposed to be 'Using IE is dangerous'.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Since when was using anything in IE safe?
I've found that clicking on the little square with the "X" in it at the top of the window is pretty safe.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Why is there no "dumb" or "poser" moderation option?
"all broken things dream of repair" - chris letcher
But Opera isn't Open Source. The only way to cure the ills of M$ is to use code that is open and fixable by everybody.
Time is what keeps everything from happening all at once.
with that asinine Konqueror troll.
"If IE's Windows integration is a monopoly, then I'm all for the removal of Konqueror from KDE."
Let me assure you that the irony of you posting this drivel in a discussion thread about the latest exploit for IE has escaped no one. You are making quite the fool of yourself.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.