New Vulnerability Affects All Browsers

← Back to Stories (view on slashdot.org)

New Vulnerability Affects All Browsers

Posted by samzenpus on Wednesday December 8, 2004 @03:00PM from the everything-equal dept.

Jimmy writes "Secunia is reported about a new vulnerability, which affects all browsers. It allows a malicious web site to "hi-jack" pop-up windows, which could have been opened by e.g. a your bank or an online shop. Here is a demonstration of the vulnerability"

1 of 945 comments (clear)

Re:Here's how it works by crazyphilman · 2004-12-08 18:53 · Score: 0, Troll

An A/C posted a reply to this, calling me "a poor dumb sod" over and over again; must've been British, or one of those sad Americans who want to sound British and start saying "arse" and "sod" instead of "ass" and "schmuck". Some of his points are worth mocking, so here goes:

He says JavaScript's security model is broken. Says who? And in which browser? Because they all have different implementations. He's just another weirdo who insists that everyone turn off JavaScript because HE can't be bothered to use a browser with a good implementation of it (read: NOT IE).

Ok, moving right along, I point out that "who's going to go to some hacking site and open a link to their bank?" A reasonable question. To which our Brit (or whatever) replied:

"A person using a hacking site that is using DNS poisoning to pretend to be Google or MSN, you poor dumb sod."

To which I REPLY:

DUH, IF the hacking site was using DNS poisoning to redirect people to it, then I don't think it would need a FUCKING POPUP to trick people; it would much more likely have a whole spoof site set up. Why would the crook bother with all this popup and DOM silliness? It would be MUCH more reliable to just code a mock page, you poor dumb schmuck (see how that works? I'm an American, so I say "Schmuck". It rolls off the tongue, say it with me: SCHMUCK! YOU'RE A SCHMUCK!).

Anyway, do you think anyone with the skill to do "DNS Poisoning" (???) is going to have to resort to a trick this cheesy? Give me a break. It'd be like a sculptor buying a piece of marble, tools, etc... And then making his sculpture out of playdough while sitting on the marble chunk. It would be DUMB, and other hackers and phishers would make fun of the guy at parties.

And, what's up with British slang, anyway? In the U.S. "sod" is preseeded grass sold in hardware stores. You buy it by the yard. It smells nice, grows fast, is easy to apply... Those are good things, I think. So... Thanks!

--
Farewell! It's been a fine buncha years!