Slashdot Mirror


Don't Hit That Back Button

Saint Aardvark writes: "From the Bugtraq mailing list comes this warning: 'Using the Back Button in IE is dangerous'. When hitting the back button, JavaScript links will be executed in the security zone of the last URL viewed. Proof-of-concept included in the warning will execute minesweeper or read your Google cookies."

19 of 640 comments

  1. First exploit! by Anonymous Coward · · Score: -1, Troll

    Stupid MS...

  2. Woot by Anonymous Coward · · Score: -1, Troll

    First POst

  3. Haha by Anonymous Coward · · Score: -1, Troll

    I have a mouse button mapped to go back. I don't have to click on that stupid arrow like you freaks.

  4. Using Linux considered harmful by Anonymous Coward · · Score: 0, Troll

    Using open source software is harmful as well, pressing any button is likely to cause it to segfault

  5. What are the odds... by jargonCCNA · · Score: -1, Troll

    that this is probably the first Microsoft's heard of this bug, and by the end of the week they'll have a "Critical Update" for us SE users and a forced bug fix for everybody on XP?

    Big whoop, considering the people who know about it (cough, /. readers, cough) generally seem to support Mozilla. Feh.

    --
    Matthew G P Coe
    http://mgpcoe.blogspot.com/
  6. So much for trustworthy computing... by coupland · · Score: 1, Troll

    Microsoft seems to really be taking it in the shorts of late -- you can't help but feel a little sympathy watching the pathetic Benny-Hill skit that is their attempt at "trustworthy computing". Feels like the blonde's lost her dress and an angry mob is chasing Gates through the streets of London in double-time. Even hindsight makes it seem that much more pathetic.

  7. see? Microsoft _does_ innovate! by jdbo · · Score: 1, Troll

    This is one of the most beautiful bugs I've ever seen - Microsoft is clearly an innovator in bringing ever-more-advanced, aesthetically-pleasing bugs to customers.

    Seriously though... there is a true elegance to this vulnerability that one rarely sees in the usual passel of buffer overflows, etc.

    This bug combines a canonical and visceral piece of browser functionality (back-button) with a conceptually and technically advanced, as well as invisibly-controlled piece of browser functionality (site-specific browser security settings). What wonderful juxtaposition!

    C'mon! At least this is far better than the usual "ironic" bugs that come up (i.e. default passwords in a security program - har-de-har-snore).

  8. Re:Go Mozilla! by Anonymous Coward · · Score: -1, Troll

    With every passing week, MS gives us more and more reasons not to use their POS browser. Whereas Mozilla is quickly becoming the undisputed king; tabbed browsing, filtering popups, better security options, and .. oh yeah, it's open source.

    Take that, Microsoft. ;-)


    With every passing week, the memory of Netscape/Mozilla fades even farther into the depths of the public's memory. If Netzilla or whatever it is ever had the user base of IE, you would see just as many advisories about its security flaws. That's what really gets me, people comparing a hardly used piece of crap to the most used piece of software probably in all time.

    Browser statistics shown here:
    http://www.w3schools.com/browsers/browsers_stats.asp

    Speak clearly enough.. more than 90% of the people using the web, use IE. Just in case you were thinking of using some fucked up open-source whack-logic or something.

  9. Extra verbiage warning. by fanatic · · Score: 1, Troll

    'Using the Back Button in IE is dangerous'.

    That was supposed to be 'Using IE is dangerous'.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  10. Re:Back buttons by Wakko Warner · · Score: 1, Troll

    since when was using anything in IE safe?

    I've found that clicking on the little square with the "X" in it at the top of the window is pretty safe.

    - A.P.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  11. Re:I wouldn't hedge my bets on Mozilla so blindly. by Anonymous Coward · · Score: -1, Troll
    And the beast shall be made legion. Its numbers shall be increased a thousand thousand fold. The din of a million keyboards like unto a great storm shall cover the earth, and the followers of Mammon shall tremble.

    not sure if /. is screwing up the base64. might need to cut-and-paste the source into your own html file and view it in mozilla. but pretty kewl!

  12. Re:I wouldn't hedge my bets on Mozilla so blindly. by Anonymous Coward · · Score: -1, Troll
  13. Re:I wouldn't hedge my bets on Mozilla so blindly. by Anonymous Coward · · Score: -1, Troll

    foo

  14. Re:I wouldn't hedge my bets on Mozilla so blindly. by Anonymous Coward · · Score: -1, Troll

    bar

  15. Re:Test it out if you have IE by Anonymous Coward · · Score: -1, Troll

    You fools!

    Some stranger on slashdot posts a link saying "this will exploit a security hole in your web browser" and you CLICK ON IT???

    j/k, now everyone click on this link!

  16. Re:My company's solution to IE by BlackEmperor · · Score: 0, Troll

    why is there no "dumb" or "poser" moderation option?

    --
    "all broken things dream of repair" - chris letcher
  17. Re:Go Mozilla! by EzInKy · · Score: 0, Troll

    But Opera isn't Open Source. The only way to cure the ills of M$ is to use code that is open and fixable by everybody.

    --
    Time is what keeps everything from happening all at once.
  18. Re:Go Mozilla Anyways! by Anonymous Coward · · Score: -1, Troll

    Bench the latest Mozilla build (turn off debugging and turn on optimization, just like a normal release build) and post that again. Of course, to really shine, run it on Linux or a free BSD.

    First of all I don't need benchmarks to show me that IE is faster. The difference is night and day. I don't care if Mozilla is .01% faster at rendering one specific part of certain pages that are only used in less than 1% of all websites. IE renders the majority of all websites faster.

    Secondly, Windows 98SE, 2000, or XP blow the socks off any Linux Desktop I've ever used. Notice I said DESKTOP. I love using Linux for Server related tasks but it STILL (as of 4/17/2002) sucks on the Desktop. I don't have benchmarks and performance results to back up my claim ... but I don't need them because it runs so much slower that my eyes can easily perceive the sluggishness of the system when compared to a Windows Desktop.

    If I run a "bare bones" setup such as Window Maker with no Desktop Manager, then the speed is better. But that's not a fair comparison to Windows any more. KDE and/or Gnome is a fair comparison to Windows in terms of resource usage.

    And for the curious, NO - I am not running Mandrake or prebuilt packages. I have compiled everything myself optimized for my hardware. It makes no noticeable difference.

    My Linux Desktop machine is fun to play with and it is quite useable for just about anything I need to do. But I don't even try and pretend and fool myself that it's "better" than Windows because it's not even close.

  19. Lord, you're still at it by Vicegrip · · Score: 1, Troll

    with that asinine Konqueror troll.

    "If IE's Windows integration is a monopoly, then I'm all for the removal of Konqueror from KDE."

    Let me assure you that the irony of you posting this drivel in a discussion thread about the latest exploit for IE has escaped no one. You are making quite the fool of yourself.

    --
    Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.